Lucene search

PRIOn knowledge basePRION:CVE-2008-1094

HistoryDec 19, 2008 - 5:30 p.m.

Sql injection

2008-12-1917:30:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.9%

JSON

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.

CPENameOperatorVersion
barracuda_spam_firewallle3.5.11.020

CPE	Name	Operator	Version
	barracuda_spam_firewall	le	3.5.11.020

References

dcsl.ul.ie/advisories/02.htm

secunia.com/advisories/33164

securityreason.com/securityalert/4793

securitytracker.com/id?1021455

www.barracudanetworks.com/ns/support/tech_alert.php

www.securityfocus.com/archive/1/499293/100/0/threaded

www.exploit-db.com/exploits/7496

8.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.9%

JSON

Related for PRION:CVE-2008-1094