roundcube RCE due to vulnerable session handling code from 2005 originally intended to work around a PHP vulnerabilitystarting to believe that writing secure software in PHP is harder than doing so in C
untold number of email accounts compromised
@mia@shrimptest.0x0.st