cbcvebase.
CVE-2009-1468
published 2009-05-05

CVE-2009-1468: Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before…

PriorityP337medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
1.93%
77.4th percentile
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

Affected

176 ranges· showing 25
VendorProductVersion rangeFixed in
icewarpemail_server<= 9.3.0
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
icewarpemail_server
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.