CVE-2014-4977

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Scrutinizer
Vendor: CVE Published:; 16 July 2014

Summary

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.

References

https://www.exploit-db.com/exploits/39836/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2014/Jul/44

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/137098/Dell-SonicWAL...

x_refsource_MISC

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 16, 2014
Vulnerability Reserved
Jul 16, 2014

Collectors

NVD DatabaseMitre Database