HTTP: SonicWall GMS and Analytics detectInjection SQL Injection
This signature detects attempts to exploit a known vulnerability against SonicWall GMS and Analytics. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Affected Products
Sonicwall global_management_system
References
CVE: CVE-2023-34133
Short Name
HTTP:SQL:INJ:SONICWAL-GMS-SQLI
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Analytics CVE-2023-34133 GMS Injection SQL SonicWall and detectInjection
Release Date
09/15/2023
Supported Platforms
srx-branch-12.3
srx-branch-19.3
vsrx3bsd-19.2
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
srx-19.4
vsrx-12.3
srx-12.3
vsrx-19.2
srx-19.3
Sigpack Version
3813
False Positive
Rarely
Vendors
Sonicwall