Description
A vulnerability has been reported in Cyberoam UTM, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed to the "tableid" parameter in corporate/Controller (when "mode" is set to "301" and "sort" and "dir" are set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires administrative privileges.
The vulnerability is reported in devices with firmware versions prior to 10.01.2 build 059.
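The defect class described above is dynamic SQL built from request parameters that name a table, a sort column and a sort direction. Such identifiers cannot be bound as query placeholders, so the usual fix is to allowlist them server-side and to bind only true values. The following is an added illustration written for this page, not Cyberoam's code: the table and column names, the `owner` filter, the in-memory SQLite schema and the sample rows are all constructed for the demonstration.

```python
import sqlite3

# Constructed allowlists for the demo (hypothetical; not Cyberoam's data model).
ALLOWED_TABLES = {"reports", "events"}
ALLOWED_SORT_COLUMNS = {"id", "name", "created"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_query_unsafe(tableid: str, sort: str, direction: str) -> str:
    """The pattern the advisory describes: request parameters pasted into SQL.

    Whatever the client sent for tableid, sort and dir becomes part of the
    statement verbatim, so the statement's shape is under client control.
    """
    return f"SELECT id, name FROM {tableid} ORDER BY {sort} {direction}"


def build_query_hardened(tableid: str, sort: str, direction: str) -> str:
    """Identifiers are checked against fixed allowlists; the SQL is assembled
    only from canonical server-side strings, never from the raw input."""
    if tableid not in ALLOWED_TABLES:
        raise ValueError(f"rejected table identifier: {tableid!r}")
    if sort not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"rejected sort column: {sort!r}")
    dir_sql = ALLOWED_DIRECTIONS.get(direction.lower())
    if dir_sql is None:
        raise ValueError(f"rejected sort direction: {direction!r}")
    # Identifiers are quoted; the owner filter is a value and uses a placeholder.
    return (
        f'SELECT id, name FROM "{tableid}" WHERE owner = ? '
        f'ORDER BY "{sort}" {dir_sql}'
    )


def accepts(tableid: str, sort: str, direction: str) -> bool:
    """True if the hardened builder would accept this identifier triple."""
    try:
        build_query_hardened(tableid, sort, direction)
        return True
    except ValueError:
        return False


def make_demo_db() -> sqlite3.Connection:
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    for table in ALLOWED_TABLES:
        conn.execute(
            f'CREATE TABLE "{table}" (id INTEGER, name TEXT, created TEXT, owner TEXT)'
        )
    conn.executemany(
        "INSERT INTO reports VALUES (?, ?, ?, ?)",
        [
            (1, "bravo", "2024-01-02", "admin"),
            (2, "alpha", "2024-01-01", "admin"),
            (3, "charlie", "2024-01-03", "auditor"),
        ],
    )
    return conn


def fetch_sorted(conn, owner, tableid, sort, direction):
    """Run the hardened query; returns the names in the requested order."""
    sql = build_query_hardened(tableid, sort, direction)
    return [row[1] for row in conn.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_demo_db()
    print(fetch_sorted(db, "admin", "reports", "name", "desc"))
    print(accepts("not_a_table", "name", "asc"))
```

The point of the allowlist is that the hardened builder never echoes the request string into the statement: a `tableid` or `sort` value outside the fixed set is refused before any SQL is assembled, while the `owner` value still travels through a bound parameter. A mitigation review of a controller like the one named above would look for exactly this separation between identifiers (allowlisted) and values (parameterised).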