CVE-2009-1468

Name of the Vulnerable Software and Affected Versions IceWarp eMail Server and WebMail Server versions prior to 9.4.2

Description The issue concerns SQL injection vulnerabilities in the search form of the Groupware component. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. The vulnerabilities are specifically related to the sql and order by elements in an XML search query.

Recommendations For versions prior to 9.4.2, update to version 9.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the search form in the Groupware component until the update is applied.