Vulnerability Details CVE-2012-2962
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.903
EPSS Ranking 99.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://secunia.com/advisories/50052
- http://www.exploit-db.com/exploits/20033
- http://www.kb.cert.org/vuls/id/404051
- http://www.osvdb.org/84232
- http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
- http://www.securityfocus.com/bid/54625
- http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77148
- http://secunia.com/advisories/50052
- http://www.exploit-db.com/exploits/20033
- http://www.kb.cert.org/vuls/id/404051
- http://www.osvdb.org/84232
- http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
- http://www.securityfocus.com/bid/54625
- http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77148
Products affected by CVE-2012-2962
-
cpe:2.3:a:sonicwall:scrutinizer:8.6.2
-
cpe:2.3:a:sonicwall:scrutinizer:9.0.0
-
cpe:2.3:a:sonicwall:scrutinizer:9.0.1
-
cpe:2.3:a:sonicwall:scrutinizer:9.0.1.19899
-
cpe:2.3:a:sonicwall:scrutinizer:9.5.0