Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-49113 PoC — Roundcube Webmail 安全漏洞

Source
https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP
Associated Vulnerability
Title:Roundcube Webmail 安全漏洞 (CVE-2025-49113)
Description:Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Description
This is a rewritten exploit to work with php
Readme
# CVE-2025-49113-Roundcube-RCE-PHP

Roundcube Webmail versions 1.5.0 through 1.6.10  
This is a rewritten exploit to work with PHP.

## Usage

```bash
php CVE-2025-49113.php <url> <username> <password>
File Snapshot

 [4.0K]  /data/pocs/84908f41c00cf8e11fa0c8cef3d2806ee41e1edf
├── [6.7K]  exploit.php
└── [ 202]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →