Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1094

CWE-89 — SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
1.0%
top 22.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Barracuda Networks Barracuda Spam Firewall
Timeline
PublishedDec 19
Latest updateMay 1

Description

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mj85-5p2g-9hc4: SQL injection vulnerability in index↗2022-05-01
â–¶
CVEList
CVE-2008-1094: SQL injection vulnerability in index↗2008-12-19
â–¶

💥Exploits & PoCs

1
Exploit-DB
Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection↗2008-12-16
â–¶
CVE-2008-1094 (MEDIUM CVSS 6.5) | SQL injection vulnerability in inde | cvebase.io