Tuesday, November 22, 2011

SonicWALL Aventail 'CategoryID' Parameter SQL Injection Vulnerability

Detail of POC can be viewed

SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Attackers can use a browser to exploit this issue.

The following example URI is available:


No comments:

Post a Comment