Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-44026 - Vulnerability Database
Roundcube

Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-44026

Critical
Reference: CVE-2021-44026
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-44026
Title: Roundcube Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.