Summary
This host is running SonicWall Viewpoint and is prone to sql injection vulnerability.
Impact
Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Apply SonicWALL Viewpoint hotfix 104767 from below link, For updates refer to https://www.mysonicwall.com/
Insight
Input passed to 'scheduleID' parameter in
'sgms/reports/scheduledreports/configure/scheduleProps.jsp' page is not properly verified before being used in SQL queries.
Affected
SonicWALL Viewpoint 6.0 SP2 and prior versions
References
- http://osvdb.org/76185
- http://packetstormsecurity.org/files/105493/SonicWall-Viewpoint-6.0-SP2-Blind-SQL-Injection.html
- http://seclists.org/bugtraq/2011/Oct/5
- http://secunia.com/advisories/46115
- http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=RN&id=379
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-5169 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities