CVE-2021-44026

Published: 19/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to a potential SQL injection via search or search_params.

Vulnerable Product

roundcube webmail

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1000156 roundcube: XSS vulnerability in handling attachment filename extension in MIME type mismatch warnings. Package: src:roundcube; Maintainer for src:roundcube is Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>; Reported by: Guilhem Moulin <guilhem@debian.org> ...
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Site Scripting (XSS) or SQL injection attacks. For the oldstable distribution (buster), these problems have been fixed in version 1.3.17+dfsg.1-1~deb10u1. For ...

Github Repositories

A demo exploit for CVE-2021-44026, a SQL injection in Roundcube

Roundcube CVE-2021-44026, a SQL injection. This repository contains a demo exploit for an SQL injection in Roundcube. Disclaimer: This code is intended solely for educational purposes and to assist security teams in identifying vulnerabilities in their Roundcube instances. It should only be used in ethical hacking engagements in which the security professional has written author

Recent Articles

Advanced threat predictions for 2024
Securelist • GReAT • 14 Nov 2023

Advanced persistent threats (APTs) are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is often more at stake. At Kaspersky’s Global Research and Analysis Team (GReAT), we monitor a number of APT groups, analyze trends and try to anticipate their future developments to keep ahead of the e...