CVE-2015-5452 Information

Feb 14, 2021 cve

Description

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie as demonstrated by a request to borderpost/imp/compose.php3.

Reference

http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf http://www.securityfocus.com/bid/75516 http://www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCS_v10_0_Security_Hotfix/EN_Release_Notes_XCS_v10_0_Security_Hotfix.pdf http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_2_Security_Hotfix/EN_Release_Notes_XCS_v9_2_Security_Hotfix.pdf https://www.exploit-db.com/exploits/38346/

Share on: