Vulnerability Description
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewarp | Email Server | <= 9.3.0 |
| Icewarp | Webmail Server | <= 9.3.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/54228
- http://www.redteam-pentesting.de/advisories/rt-sa-2009-003Exploit
- http://www.securityfocus.com/archive/1/503226/100/0/threaded
- http://www.securityfocus.com/bid/34820Exploit
- http://www.securitytracker.com/id?1022169
- http://www.vupen.com/english/advisories/2009/1253
- http://osvdb.org/54228
- http://www.redteam-pentesting.de/advisories/rt-sa-2009-003Exploit
- http://www.securityfocus.com/archive/1/503226/100/0/threaded
- http://www.securityfocus.com/bid/34820Exploit
- http://www.securitytracker.com/id?1022169
- http://www.vupen.com/english/advisories/2009/1253
FAQ
What is CVE-2009-1468?
CVE-2009-1468 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to e...
How severe is CVE-2009-1468?
CVE-2009-1468 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1468?
Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Email Server, Icewarp Webmail Server.