cbcvebase.
CVE-2008-1094
published 2008-12-19

CVE-2008-1094: SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators…

PriorityP337medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
1.98%
78.1th percentile
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
barracuda_networksbarracuda_spam_firewall<= 3.5.11.020
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.