CVE-2008-1094 Information
Feb 14, 2021
cve
Description
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action as demonstrated by the pattern_0 parameter.
Reference
http://dcsl.ul.ie/advisories/02.htm http://secunia.com/advisories/33164 http://securityreason.com/securityalert/4793 http://securitytracker.com/id?1021455 http://www.barracudanetworks.com/ns/support/tech_alert.php http://www.securityfocus.com/archive/1/499293/100/0/threaded https://www.exploit-db.com/exploits/7496
Share on: