Computer Security

CVE-2009-1468
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-1468
StatusCandidate
DescriptionMultiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
SeverityMedium
CVSS score6,5
CVSS vector(AV:N/AC:L/Au:S/C:P/I:P/A:P)
PhaseAssigned (16.05.2009)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1468
ReferencesBID : 34820
 BUGTRAQ : 20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component
 MISC : http://www.redteam-pentesting.de/advisories/rt-sa-...
SecurityVulns:Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server