SQL Injection Vulnerabilities in McAfee Email Gateway
CVE-2013-7092

Currently unrated

Key Information:

Vendor: Mcafee
Status: Email Gateway
Vendor: CVE Published:; 13 December 2013

Summary

Multiple SQL injection flaws have been identified in McAfee Email Gateway 7.6, specifically within the /admin/cgi-bin/rpc/doReport/18 endpoint. These vulnerabilities can be exploited by remote authenticated users to execute arbitrary SQL commands through specific JSON keys such as events_col, event_id, reason, events_order, emailstatus_order, and emailstatus_col. An attacker leveraging these weaknesses could manipulate the application's database, potentially leading to unauthorized access and data exposure.

References

http://packetstormsecurity.com/files/124277/McAfee-Email-...

x_refsource_MISC

http://www.securityfocus.com/bid/64150

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/90161

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 13, 2013
Vulnerability Reserved
Dec 13, 2013