SQL Injection Vulnerability in Barracuda Spam Firewall by Barracuda Networks
CVE-2008-1094

Currently unrated

Key Information:

Vendor: Barracuda Networks
Status: Barracuda Spam Firewall
Vendor: CVE Published:; 19 December 2008

🔔 Create Barracuda Networks Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-1094?

An SQL injection vulnerability exists in the index.cgi script of the Barracuda Spam Firewall, specifically in the Account View page. The flaw allows remote authenticated administrators to execute arbitrary SQL commands by manipulating the 'pattern_x' parameter in the 'search_count_equals' action. This issue has been confirmed in versions before 3.5.12.007, potentially exposing sensitive database information and leading to unauthorized access.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-1094 - Proof of Concept

References

https://www.exploit-db.com/exploits/7496

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/33164

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/499293/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 19, 2008
👾
Exploit known to exist
Dec 19, 2008
Vulnerability published
Dec 19, 2008
Vulnerability Reserved
Feb 28, 2008

CVE-2008-1094 Data

JSON