CVE-2009-1468

EPSS 1.9%

Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/32968unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/54228 http://www.redteam-pentesting.de/advisories/rt-sa-2009-003 http://www.securityfocus.com/archive/1/503226/100/0/threaded http://www.securityfocus.com/bid/34820 http://www.securitytracker.com/id?1022169 http://www.vupen.com/english/advisories/2009/1253