Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2012-2962
Last Modified 31 Jul 2012 11:18:07
Published 30 Jul 2012 06:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-2962

Summary

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.

Vulnerable Systems

Application

  • Dell Sonicwall Scrutinizer 8.6.2

  • Dell Sonicwall Scrutinizer 9.0.0

  • Dell Sonicwall Scrutinizer 9.0.1

  • Dell Sonicwall Scrutinizer 9.5.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 8.6.2

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.1

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.5.0


References

CERT-VN - VU#404051

XF - scrutinizer-statusfilter-sql-injection(77148)

CONFIRM - http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf

BID - 54625

OSVDB - 84232

EXPLOIT-DB - 20033

SECUNIA - 50052

CONFIRM - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html


Last Updated: 27 May 2016 10:55:01