CVE-2009-1468

Severity: Unknown, EPSS 1.93%

Last modified

CVE-2009-1468 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. EPSS estimates a 1.93% chance of exploitation in the next 30 days.

Description

Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

Metrics

EPSS Probability
1.93%

77.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product        Versions
Icewarp   Email Server   <= 9.3.0
Icewarp   Email Server   2.10.105
Icewarp   Email Server   2.10.110
Icewarp   Email Server   2.10.115
Icewarp   Email Server   2.10.140
Icewarp   Email Server   2.10.150
Icewarp   Email Server   2.10.165
Icewarp   Email Server   2.10.170
Icewarp   Email Server   2.10.190
Icewarp   Email Server   2.10.200
Icewarp   Email Server   2.10.210
Icewarp   Email Server   2.10.220
Icewarp   Email Server   2.10.240
Icewarp   Email Server   2.10.250
Icewarp   Email Server   2.10.260
Icewarp   Email Server   2.10.280
Icewarp   Email Server   2.10.290
Icewarp   Email Server   2.10.310
Icewarp   Email Server   2.10.320
Icewarp   Email Server   2.10.330
Icewarp   Email Server   2.10.331
Icewarp   Email Server   2.10.340
Icewarp   Email Server   2.10.350
Icewarp   Email Server   2.10.360
Icewarp   Email Server   3.00.100
Icewarp   Email Server   3.00.110
Icewarp   Email Server   3.00.120
Icewarp   Email Server   3.00.130
Icewarp   Email Server   3.00.140
Icewarp   Email Server   3.10.011
Icewarp   Email Server   3.10.110
Icewarp   Email Server   4.00.30
Icewarp   Email Server   4.2.1
Icewarp   Email Server   4.2.2
Icewarp   Email Server   4.2.3
Icewarp   Email Server   4.4.1
Icewarp   Email Server   4.4.2
Icewarp   Email Server   4.10.040
Icewarp   Email Server   4.10.050
Icewarp   Email Server   5.1.2
Icewarp   Email Server   5.1.3
Icewarp   Email Server   5.1.5
Icewarp   Email Server   5.3.0
Icewarp   Email Server   5.3.2
Icewarp   Email Server   5.4.1
Icewarp   Email Server   5.4.2
Icewarp   Email Server   5.4.3
Icewarp   Email Server   5.4.4
Icewarp   Email Server   5.5.3
Icewarp   Email Server   5.5.4

Showing 50 of 176 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2009-1468?
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
How severe is CVE-2009-1468?
Severity scoring for CVE-2009-1468 is pending analysis. The EPSS model estimates a 1.93% probability of exploitation in the next 30 days.
How do I fix CVE-2009-1468?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST