A remote attacker with access to an authenticated Roundcube session can exploit a vulnerability leading to arbitrary code execution.