CVE-2012-2962
CVE-2012-2962
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 66.8%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
22 Jul 2012Metasploit module available
22 Jul 2012Public PoC
30 Jul 2012Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencewww.exploit-db.com/exploits/20033unverifiedexploitdbwww.exploit-db.com/exploits/20033unverifiedexploitdbwww.exploit-db.com/exploits/20204unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/50052https://exchange.xforce.ibmcloud.com/vulnerabilities/77148http://www.exploit-db.com/exploits/20033http://www.kb.cert.org/vuls/id/404051http://www.osvdb.org/84232http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.htmlhttp://www.securityfocus.com/bid/54625http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf