Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
References
Link | Resource |
---|---|
https://bugs.debian.org/1000156 | Mailing List Patch |
https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 | Patch |
https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa | Patch |
https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/ | Mailing List Release Notes |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/ | Mailing List Release Notes |
https://www.debian.org/security/2021/dsa-5013 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
27 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.debian.org/1000156 - Mailing List, Patch | |
References | () https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 - Patch | |
References | () https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa - Patch | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/ - Mailing List, Release Notes | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/ - Mailing List, Release Notes |
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-11-19 04:15
Updated : 2024-06-27 19:15
NVD link : CVE-2021-44026
Mitre link : CVE-2021-44026
CVE.ORG link : CVE-2021-44026
JSON object : View
Products Affected
roundcube
- webmail
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')