CVE-2014-3857 Information

Description

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.

Reference

http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection http://osvdb.org/show/osvdb/108584 http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html http://secunia.com/advisories/59215 http://www.exploit-db.com/exploits/33954 http://www.kerio.com/support/kerio-control/release-history http://www.securityfocus.com/archive/1/532607/100/0/threaded