CVE-2019-7484 — SQL Injection in SMA 100 Firmware

CWE-89 — SQL Injection CWE-1230 — Exposure of Sensitive Information Through Metadata4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 40.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall SMA 100 Firmware Sonicwall Sma100

Timeline

PublishedDec 19

Latest updateAug 14

Description

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsonicwall/sma_100_firmware9.0.0.3

▶CVEListV5sonicwall/sma1009.0.0.3 and earlier

🔴Vulnerability Details

GHSA

GHSA-w9gv-xc92-5q49: Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script↗2022-05-24

▶

CVEList

CVE-2019-7484: Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script↗2019-12-19

▶

📋Vendor Advisories

Red Hat

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table↗2025-08-14

▶