#
cve-2025-49113
Here are 2 public repositories matching this topic...
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
-
Updated
Jun 15, 2025 - Python
Improve this page
Add a description, image, and links to the cve-2025-49113 topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the cve-2025-49113 topic, visit your repo's landing page and select "manage topics."