Vulnerability CVE-2012-2962


Published: 2012-07-30

Description:
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) SQL Injection
muts
22.07.2012
Med.
Dell SonicWALL Scrutinizer 9 SQL Injection
sinn3r
03.08.2012

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: DELL
Product: Sonicwall scrutinizer with flow analytics module 
Version:
9.5.2
9.5.0
9.0.1
9.0.0
8.6.2
Product: Sonicwall scrutinizer 
Version:
9.5.2
9.5.0
9.0.1
9.0.0
8.6.2
Vendor: Sonicwall
Product: Scrutinizer 
Version:
9.5.0
9.0.1
9.0.0
8.6.2

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.exploit-db.com/exploits/20033
http://www.kb.cert.org/vuls/id/404051
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
http://www.securityfocus.com/bid/54625
http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77148

Related CVE
CVE-2019-7476
A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.
CVE-2019-7477
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7...
CVE-2019-7475
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 vers...
CVE-2019-7474
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earli...
CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earl...
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi...
CVE-2018-5691
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
CVE-2016-2396
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

Copyright 2019, cxsecurity.com

 

Back to Top