CVE ID
CVE-2021-44026
Vulnerability Name
Roundcube Webmail SQL Injection Vulnerability
- Project: Roundcube
- Product: Roundcube Webmail
Date
- Date Added: 2023-06-22
- Due Date: 2023-07-13
Description
Roundcube Webmail is vulnerable to SQL injection via search or search_params.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released; https://nvd.nist.gov/vuln/detail/CVE-2021-44026
Related Security News
- APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
- Hacker steals 1 million Cock.li user records in webmail data breach
- Russian hackers breach orgs to track aid routes to Ukraine
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
- Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
- Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Top comments (0)