Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL…
mitre·CWE-89·Published 2014-07-16
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
Múltiples vulnerabilidades de inyección SQL en Dell SonicWall Scrutinizer 11.0.1 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del (1) parámetro selectedUserGroup en una solicitud de crear un usuario nuevo en cgi-bin/admin.cgi o el (2) parámetro user_id en la función changeUnit, (3) parámetro methodDetail en la función methodDetail o (4) parámetro xcNetworkDetail en la función xcNetworkDetail en d4d/exporters.php.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |