Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Barracuda 'index.cgi' SQL注入漏洞
Vulnerability Description
Barracuda Spam Firewall是用于保护邮件服务器的集成硬件和软件垃圾邮件解决方案。 Barracuda防火墙的index.cgi中存在SQL注入漏洞。如果将filter_x参数设置为search_count_equals值的话,则在Account View部分过滤用户帐号时pattern_x参数允许注入任意SQL代码。此外向index.cgi提交恶意的Policy Name等字段还可以导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A