Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-49113 PoC — Roundcube Webmail 安全漏洞

Source
https://github.com/punitdarji/roundcube-cve-2025-49113
Associated Vulnerability
Title:Roundcube Webmail 安全漏洞 (CVE-2025-49113)
Description:Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Readme
## Install 
```
docker run --name ubuntu24 \
  -p 9876:80 \
  -v "$PWD/rc_install.sh":/root/rc_install.sh \
  -it ubuntu:24.04 \
  bash -c "chmod +x /root/rc_install.sh && /root/rc_install.sh && exec bash" 
```


## POC [Youtube](https://www.youtube.com/watch?v=3fxl7wCYsjU&feature=youtu.be)

### Follow me [@Linkdin](https://www.linkedin.com/in/punitdarji/)


Credit @ [fearsoff-org](https://github.com/fearsoff-org/CVE-2025-49113)
File Snapshot

 [4.0K]  /data/pocs/3feac5373fd412ad06ed9063807ecf1796ab0b37
├── [ 11K]  CVE-2025-49113.php
├── [4.8K]  rc_install.sh
└── [ 433]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →