CVE-2015-5453

🗓️ 08 Jul 2015 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters

Reporter	Title	Published	Views	Family All 6
Circl	CVE-2015-5453	28 Sep 201500:00	–	circl
CNVD	Watchguard XCS Arbitrary Command Execution Vulnerability	10 Jul 201500:00	–	cnvd
Cvelist	CVE-2015-5453	8 Jul 201515:00	–	cvelist
Metasploit	Watchguard XCS Remote Command Execution	16 Sep 201511:29	–	metasploit
NVD	CVE-2015-5453	8 Jul 201515:59	–	nvd
Prion	Code injection	8 Jul 201515:59	–	prion

NVD

Node

Source	Link
exploit-db	www.exploit-db.com/exploits/38346/
packetstormsecurity	www.packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html
watchguard	www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_2_Security_Hotfix/EN_Release_Notes_XCS_v9_2_Security_Hotfix.pdf
security-assessment	www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf
rapid7	www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec
securityfocus	www.securityfocus.com/bid/75516
watchguard	www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCS_v10_0_Security_Hotfix/EN_Release_Notes_XCS_v10_0_Security_Hotfix.pdf
packetstormsecurity	www.packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html

Parameter	Position	Path	Description	CWE
sid	header	borderpost/imp/compose.php3	Unauthenticated SQL injection via cookie to compose.php3 enabling adding a user	CWE-77
id	query param	ADMIN/mailqueue.spl	Command injection via id parameter to mailqueue.spl enabling OS command execution	CWE-77

06 May 2026 22:30Current

7.5High risk

Vulners AI Score7.5

CVSS 26.5

EPSS0.8107