SQL Injection Vulnerability in WatchGuard XCS by WatchGuard
CVE-2015-5452

Currently unrated

Key Information:

Vendor: WatchGuard

Status
Vendor
CVE Published: 8 July 2015

What is CVE-2015-5452?

A SQL injection vulnerability exists in WatchGuard's XCS product line, specifically in versions 9.2 and 10.0 prior to build 150522. This vulnerability enables remote attackers to execute arbitrary SQL commands by manipulating the 'sid' cookie. Attackers can exploit this flaw by sending crafted requests to the 'borderpost/imp/compose.php3' endpoint, leading to unauthorized database interactions and information exposure. Organizations using affected versions should apply the latest security hotfixes to mitigate potential risks associated with this vulnerability.


EPSS Score

31% chance of being exploited in the next 30 days.
