CVE-2008-1094
published 2008-12-19CVE-2008-1094: SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators…
PriorityP337medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
1.98%
78.1th percentile
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barracuda_networks | barracuda_spam_firewall | <= 3.5.11.020 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://dcsl.ul.ie/advisories/02.htmhttp://secunia.com/advisories/33164http://securityreason.com/securityalert/4793http://securitytracker.com/id?1021455http://www.barracudanetworks.com/ns/support/tech_alert.phphttp://www.securityfocus.com/archive/1/499293/100/0/threadedhttps://www.exploit-db.com/exploits/7496http://dcsl.ul.ie/advisories/02.htmhttp://secunia.com/advisories/33164http://securityreason.com/securityalert/4793http://securitytracker.com/id?1021455http://www.barracudanetworks.com/ns/support/tech_alert.phphttp://www.securityfocus.com/archive/1/499293/100/0/threadedhttps://www.exploit-db.com/exploits/7496
2008-12-19
Published