SQL Injection Vulnerabilities in IceWarp eMail Server and WebMail Server
CVE-2009-1468

Currently unrated

Key Information:

Vendor: Icewarp
Status: Email Server; Webmail Server
Vendor: CVE Published:; 5 May 2009

What is CVE-2009-1468?

Multiple SQL injection vulnerabilities exist in the Groupware component of IceWarp eMail Server and WebMail Server prior to version 9.4.2. Remote authenticated users can exploit these vulnerabilities through the 'sql' and 'order_by' parameters in an XML search query. This may allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

References

http://www.securityfocus.com/bid/34820

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1022169

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2009/1253

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2009
Vulnerability Reserved
Apr 28, 2009

JSON

Icewarp

What is CVE-2009-1468?

References

Timeline