SQL Injection Vulnerability in WatchGuard XCS by WatchGuard
CVE-2015-5452

Currently unrated

Key Information:

Vendor: Watchguard
Status: Xcs
Vendor: CVE Published:; 8 July 2015

Summary

A SQL injection vulnerability exists in WatchGuard's XCS product line, specifically in versions 9.2 and 10.0 prior to build 150522. This vulnerability enables remote attackers to execute arbitrary SQL commands by manipulating the 'sid' cookie. Attackers can exploit this flaw by sending crafted requests to the 'borderpost/imp/compose.php3' endpoint, leading to unauthorized database interactions and information exposure. Organizations using affected versions should apply the latest security hotfixes to mitigate potential risks associated with this vulnerability.

References

http://www.watchguard.com/support/release-notes/xcs/9/en-...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/38346/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/132498/Watchguard-XC...

x_refsource_MISC

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 8, 2015
Vulnerability Reserved
Jul 8, 2015