SQL Injection Vulnerabilities in IceWarp eMail Server and WebMail Server
CVE-2009-1468

Currently unrated

Key Information:

Vendor

Icewarp

Status
Email Server
Webmail Server
Vendor
CVE Published:
5 May 2009

What is CVE-2009-1468?

Multiple SQL injection vulnerabilities exist in the Groupware component of IceWarp eMail Server and WebMail Server prior to version 9.4.2. Remote authenticated users can exploit these vulnerabilities through the 'sql' and 'order_by' parameters in an XML search query. This may allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/34820
vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1022169
vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2009/1253
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.