CVE-2009-1468

Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
icewarpemail_server
𝑥
≤ 9.3.0
icewarpemail_server
2.10.105
icewarpemail_server
2.10.110
icewarpemail_server
2.10.115
icewarpemail_server
2.10.140
icewarpemail_server
2.10.150
icewarpemail_server
2.10.165
icewarpemail_server
2.10.170
icewarpemail_server
2.10.190
icewarpemail_server
2.10.200
icewarpemail_server
2.10.210
icewarpemail_server
2.10.220
icewarpemail_server
2.10.240
icewarpemail_server
2.10.250
icewarpemail_server
2.10.260
icewarpemail_server
2.10.280
icewarpemail_server
2.10.290
icewarpemail_server
2.10.310
icewarpemail_server
2.10.320
icewarpemail_server
2.10.330
icewarpemail_server
2.10.331
icewarpemail_server
2.10.340
icewarpemail_server
2.10.350
icewarpemail_server
2.10.360
icewarpemail_server
3.00.100
icewarpemail_server
3.00.110
icewarpemail_server
3.00.120
icewarpemail_server
3.00.130
icewarpemail_server
3.00.140
icewarpemail_server
3.10.011
icewarpemail_server
3.10.110
icewarpemail_server
4.00.30
icewarpemail_server
4.2.1
icewarpemail_server
4.2.2
icewarpemail_server
4.2.3
icewarpemail_server
4.4.1
icewarpemail_server
4.4.2
icewarpemail_server
4.10.040
icewarpemail_server
4.10.050
icewarpemail_server
5.1.2
icewarpemail_server
5.1.3
icewarpemail_server
5.1.5
icewarpemail_server
5.3.0
icewarpemail_server
5.3.2
icewarpemail_server
5.4.1
icewarpemail_server
5.4.2
icewarpemail_server
5.4.3
icewarpemail_server
5.4.4
icewarpemail_server
5.5.3
icewarpemail_server
5.5.4
icewarpemail_server
5.5.5
icewarpemail_server
5.5.6
icewarpemail_server
5.5.7
icewarpemail_server
5.7.3
icewarpemail_server
5.8.2
icewarpemail_server
5.8.3
icewarpemail_server
5.8.4
icewarpemail_server
5.8.5
icewarpemail_server
5.8.6
icewarpemail_server
5.9.4
icewarpemail_server
6.0.2
icewarpemail_server
6.0.3
icewarpemail_server
6.0.5
icewarpemail_server
6.0.7
icewarpemail_server
6.1.0
icewarpemail_server
6.2.1
icewarpemail_server
7.0.1
icewarpemail_server
7.1.4
icewarpemail_server
7.1.6
icewarpemail_server
7.2.0
icewarpemail_server
7.4.0
icewarpemail_server
7.4.2
icewarpemail_server
7.4.5
icewarpemail_server
7.5.2
icewarpemail_server
7.6.0
icewarpemail_server
7.6.4
icewarpemail_server
8.0.1
icewarpemail_server
8.0.2
icewarpemail_server
8.0.3
icewarpemail_server
8.2.0
icewarpemail_server
8.2.2
icewarpemail_server
8.3.5
icewarpemail_server
8.3.8
icewarpemail_server
8.5.0
icewarpemail_server
8.9.1
icewarpemail_server
9.0.0
icewarpemail_server
9.1.0
icewarpemail_server
9.2.0
icewarpwebmail_server
𝑥
≤ 9.3.0
icewarpwebmail_server
2.10.105
icewarpwebmail_server
2.10.110
icewarpwebmail_server
2.10.115
icewarpwebmail_server
2.10.140
icewarpwebmail_server
2.10.150
icewarpwebmail_server
2.10.165
icewarpwebmail_server
2.10.170
icewarpwebmail_server
2.10.190
icewarpwebmail_server
2.10.200
icewarpwebmail_server
2.10.210
icewarpwebmail_server
2.10.220
icewarpwebmail_server
2.10.240
icewarpwebmail_server
2.10.250
icewarpwebmail_server
2.10.260
icewarpwebmail_server
2.10.280
icewarpwebmail_server
2.10.290
icewarpwebmail_server
2.10.310
icewarpwebmail_server
2.10.320
icewarpwebmail_server
2.10.330
icewarpwebmail_server
2.10.331
icewarpwebmail_server
2.10.340
icewarpwebmail_server
2.10.350
icewarpwebmail_server
2.10.360
icewarpwebmail_server
3.00.100
icewarpwebmail_server
3.00.110
icewarpwebmail_server
3.00.120
icewarpwebmail_server
3.00.130
icewarpwebmail_server
3.00.140
icewarpwebmail_server
3.10.011
icewarpwebmail_server
3.10.110
icewarpwebmail_server
4.00.30
icewarpwebmail_server
4.2.1
icewarpwebmail_server
4.2.2
icewarpwebmail_server
4.2.3
icewarpwebmail_server
4.4.1
icewarpwebmail_server
4.4.2
icewarpwebmail_server
4.10.040
icewarpwebmail_server
4.10.050
icewarpwebmail_server
5.1.2
icewarpwebmail_server
5.1.3
icewarpwebmail_server
5.1.5
icewarpwebmail_server
5.3.0
icewarpwebmail_server
5.3.2
icewarpwebmail_server
5.4.1
icewarpwebmail_server
5.4.2
icewarpwebmail_server
5.4.3
icewarpwebmail_server
5.4.4
icewarpwebmail_server
5.5.3
icewarpwebmail_server
5.5.4
icewarpwebmail_server
5.5.5
icewarpwebmail_server
5.5.6
icewarpwebmail_server
5.5.7
icewarpwebmail_server
5.7.3
icewarpwebmail_server
5.8.2
icewarpwebmail_server
5.8.3
icewarpwebmail_server
5.8.4
icewarpwebmail_server
5.8.5
icewarpwebmail_server
5.8.6
icewarpwebmail_server
5.9.4
icewarpwebmail_server
6.0.2
icewarpwebmail_server
6.0.3
icewarpwebmail_server
6.0.5
icewarpwebmail_server
6.0.7
icewarpwebmail_server
6.1.0
icewarpwebmail_server
6.2.1
icewarpwebmail_server
7.0.1
icewarpwebmail_server
7.1.4
icewarpwebmail_server
7.1.6
icewarpwebmail_server
7.2.0
icewarpwebmail_server
7.4.0
icewarpwebmail_server
7.4.2
icewarpwebmail_server
7.4.5
icewarpwebmail_server
7.5.2
icewarpwebmail_server
7.6.0
icewarpwebmail_server
7.6.4
icewarpwebmail_server
8.0.1
icewarpwebmail_server
8.0.2
icewarpwebmail_server
8.0.3
icewarpwebmail_server
8.2.0
icewarpwebmail_server
8.2.2
icewarpwebmail_server
8.3.5
icewarpwebmail_server
8.3.8
icewarpwebmail_server
8.5.0
icewarpwebmail_server
8.9.1
icewarpwebmail_server
9.0.0
icewarpwebmail_server
9.1.0
icewarpwebmail_server
9.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/54228
http://www.redteam-pentesting.de/advisories/rt-sa-2009-003
http://www.securityfocus.com/archive/1/503226/100/0/threaded
http://www.securityfocus.com/bid/34820
http://www.securitytracker.com/id?1022169
http://www.vupen.com/english/advisories/2009/1253
http://osvdb.org/54228
http://www.redteam-pentesting.de/advisories/rt-sa-2009-003
http://www.securityfocus.com/archive/1/503226/100/0/threaded
http://www.securityfocus.com/bid/34820
http://www.securitytracker.com/id?1022169
http://www.vupen.com/english/advisories/2009/1253