Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-44026 - Vulnerability Database

Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-44026

Critical

Reference: CVE-2021-44026

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-44026

Title: Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.