CVE-2012-2962
medium
CVSS v3
—
CVSS v2
6.5
VIR risk
6.5
Description
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cret@cert.org — http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| sonicwall | scrutinizer | {"endExcluding":"9.5.2"} | 9.5.2 |
References
- http://secunia.com/advisories/50052
- http://www.exploit-db.com/exploits/20033
- http://www.kb.cert.org/vuls/id/404051
- http://www.osvdb.org/84232
- http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
- http://www.securityfocus.com/bid/54625
- http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77148
- http://secunia.com/advisories/50052
- http://www.exploit-db.com/exploits/20033
- http://www.kb.cert.org/vuls/id/404051
- http://www.osvdb.org/84232
- http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
- http://www.securityfocus.com/bid/54625
- http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77148
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.