SonicWALL Aventail SSL-VPN SQL Injection Vulnerability

2011-11-17 09:15:02

================================================================================

SonicWALL Aventail SSL-VPN SQL Injection Vulnerability
================================================================================


#Date- 17/11/11

# code by Asheesh kumar Mani Tripathi



# Credit by Asheesh Anaconda



#Vulnerbility
SonicWALL Aventail SSL-VPN is prone to an SQL-injection vulnerability because the application fails to properly
sanitize user-supplied input before using it in an SQL query.

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database


========================================================================================================================

Request
========================================================================================================================

https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]

Fixes

No fixes

In order to submit a new fix you need to be registered.