Vulnerability CVE-2012-2962


Published: 2012-07-30

Description:
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) SQL Injection
muts
22.07.2012
Med.
Dell SonicWALL Scrutinizer 9 SQL Injection
sinn3r
03.08.2012

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: DELL
Product: Sonicwall scrutinizer with flow analytics module 
Version:
9.5.2
9.5.0
9.0.1
9.0.0
8.6.2
Product: Sonicwall scrutinizer 
Version:
9.5.2
9.5.0
9.0.1
9.0.0
8.6.2
Vendor: Sonicwall
Product: Scrutinizer 
Version:
9.5.0
9.0.1
9.0.0
8.6.2

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.exploit-db.com/exploits/20033
http://www.kb.cert.org/vuls/id/404051
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
http://www.securityfocus.com/bid/54625
http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77148

Related CVE
CVE-2019-12261
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
CVE-2019-12260
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
CVE-2019-12258
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
CVE-2019-12255
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
CVE-2019-12265
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
CVE-2019-12263
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
CVE-2019-12259
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
CVE-2019-12257
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Copyright 2019, cxsecurity.com

 

Back to Top