EUVD-2019-17020

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Vulnerability in GMS allows SQL injection via Webservice module affecting versions 8.4 to 9.1

Reporter	Title	Published	Views	Family All 7
CNVD	SonicWall Global Management System Webservice Module SQL Injection Vulnerability	30 Dec 201900:00	–	cnvd
CVE	CVE-2019-7478	30 Dec 201923:50	–	cve
Cvelist	CVE-2019-7478	30 Dec 201923:50	–	cvelist
NVD	CVE-2019-7478	31 Dec 201900:15	–	nvd
Prion	Sql injection	31 Dec 201900:15	–	prion
RedhatCVE	CVE-2019-7478	7 Jan 202609:34	–	redhatcve
SonicWall	Global Management System (GMS) Unauthorized User SQL Injection	30 Dec 201920:00	–	sonicwall

[
  {
    "enisaIdVendor": [
      {
        "id": "10d1626f-de85-3f93-b583-7d2c66fd4656",
        "vendor": {
          "name": "SonicWall"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0ab04cd8-24aa-38fe-b89c-6248a86f01bf",
        "product": {
          "name": "GMS"
        },
        "product_version": "GMS 9.1"
      },
      {
        "id": "11a3807d-8b0d-320e-8812-1fcdfe94c15e",
        "product": {
          "name": "GMS"
        },
        "product_version": "GMS 8.4"
      },
      {
        "id": "49b601f1-8690-3b5f-acac-81773bd76a3c",
        "product": {
          "name": "GMS"
        },
        "product_version": "GMS 9.0"
      },
      {
        "id": "5827b9b6-f35e-3c3d-8899-add275b27772",
        "product": {
          "name": "GMS"
        },
        "product_version": "GMS 8.6"
      },
      {
        "id": "7204ee36-0c91-3926-b890-79ba92a7a654",
        "product": {
          "name": "GMS"
        },
        "product_version": "GMS 8.7"
      },
      {
        "id": "a7091bc6-b21b-3d73-b7bc-40ff49a510a2",
        "product": {
          "name": "GMS"
        },
        "product_version": "GMS 8.5"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0011
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.6High risk

Vulners AI Score8.6

CVSS 3.19.8

CVSS 27.5

EPSS0.00478

gms vulnerability sql injection unauthenticated access webservice module versions 8.4 to 9.1