{"id":19972799,"url":"https://github.com/mbadanoiu/mal-004","last_synced_at":"2026-01-29T23:32:29.597Z","repository":{"id":233160012,"uuid":"786162983","full_name":"mbadanoiu/MAL-004","owner":"mbadanoiu","description":"MAL-004: Command Injection Bypass for CVE-2020-12641 in Roundcube Webmail","archived":false,"fork":false,"pushed_at":"2024-04-13T16:13:41.000Z","size":1097,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-06T12:05:46.999Z","etag":null,"topics":["0-day","bypass","cve-2020-12641","remote-code-execution","unauthenticated"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mbadanoiu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-04-13T15:59:47.000Z","updated_at":"2024-04-13T16:16:39.000Z","dependencies_parsed_at":"2024-04-14T07:59:57.091Z","dependency_job_id":"fb532cea-ba03-4693-b249-3012b19f70ab","html_url":"https://github.com/mbadanoiu/MAL-004","commit_stats":null,"previous_names":["mbadanoiu/mal-004"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mbadanoiu/MAL-004","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbadanoiu%2FMAL-004","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbadanoiu%2FMAL-004/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbadanoiu%2FMAL-004/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbadanoiu%2FMAL-004/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mbadanoiu","download_url":"https://codeload.github.com/mbadanoiu/MAL-004/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbadanoiu%2FMAL-004/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28890349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T21:06:44.224Z","status":"ssl_error","status_checked_at":"2026-01-29T21:06:42.160Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0-day","bypass","cve-2020-12641","remote-code-execution","unauthenticated"],"created_at":"2024-11-13T03:09:16.110Z","updated_at":"2026-01-29T23:32:29.579Z","avatar_url":"https://github.com/mbadanoiu.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# MAL-004: Command Injection Bypass for CVE-2020-12641 in Roundcube Webmail\n\nA bypass was found for \"CVE-2020-12641: Command Injection via \"_im_convert_path\" in Roundcube Webmail\" affecting versions before 1.4.5, 1.3.12.\n\nThe php “escapeshellcmd” function, implemented to prevent “CVE-2020-12641: Command Injection via “_im_convert_path” Parameter”, performs insufficient sanitization and therefore this “filter” can be bypassed by using:\n- Command specific flags (both Linux and Windows environments)\n- Remote SMB paths (only in Windows environments)\n\nA successful attack results in the execution of arbitrary system commands whenever a valid Roundcube user opens a mail containing a non-standard image.\n\n### Vendor Disclosure:\n\nThe vendor's disclosure and fix for this vulnerability can be found [here](https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12).\n\n### Why no CVE?\n\nThis bypass was included as a \"better fix for CVE-2020-12641\" and was not given a separete CVE-ID.\n\n### Requirements:\n\nThis vulnerability requires:\n\u003cbr/\u003e\n- Access to the Roundcube Webmail installer component\n- Waiting for a Roundcube user to open an email containg a non-standard image\n\n\n### Proof Of Concept:\n\nMore details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/MAL-004/blob/main/Roundcube%20DIsclosures%20-%20MAL-004.pdf).\n\n### Additional Resources:\n\nInitial [vulnerability (CVE-2020-12641)](https://nvd.nist.gov/vuln/detail/CVE-2020-12641) and [GitHub disclosure](https://github.com/mbadanoiu/CVE-2020-12641)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmbadanoiu%2Fmal-004","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmbadanoiu%2Fmal-004","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmbadanoiu%2Fmal-004/lists"}