[+] Title: IceWarp WebClient [+] Author: veyselxan [+] Vendor Homepage:https://www.icewarp.com/ [+] Tested on: Windows 10 [+] Versions: 13.0.2.9 [+] Fix version: DC2 - Update 2 Build 10 (13.0.2.10) [+] Vulnerability Type: SQL injection [+] Vulnerable Parameter: "search" [+] Vulnerable File: webmail/server/webmail.php [+] Cve:CVE-2022-35115 IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.