Lucene search

PRIOn knowledge basePRION:CVE-2009-1468

HistoryMay 05, 2009 - 8:30 p.m.

Sql injection

2009-05-0520:30:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

21.6%

JSON

Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

CPENameOperatorVersion
email_servereq2.10.340
email_servereq5.9.4
email_servereq2.10.115
email_servereq4.2.3
email_servereq7.0.1
email_servereq4.10.040
email_servereq4.10.050
email_servereq2.10.360
email_servereq5.8.2
email_servereq3.00.140

Name	Operator	Version
email_server	eq	2.10.340
email_server	eq	5.9.4
email_server	eq	2.10.115
email_server	eq	4.2.3
email_server	eq	7.0.1
email_server	eq	4.10.040
email_server	eq	4.10.050
email_server	eq	2.10.360
email_server	eq	5.8.2
email_server	eq	3.00.140

Rows per page:

1-10 of 1761

References

osvdb.org/54228

www.securityfocus.com/archive/1/503226/100/0/threaded

www.securityfocus.com/bid/34820

www.securitytracker.com/id?1022169

www.vupen.com/english/advisories/2009/1253

www.redteam-pentesting.de/advisories/rt-sa-2009-003

8.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

21.6%

JSON

Related for PRION:CVE-2009-1468