What is CVE-2014-4977?

CVE-2014-4977 is a vulnerability in Sonicwall Scrutinizer, classified under SQL Injection. Published 2014-07-16.

Is CVE-2014-4977 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Sonicwall Scrutinizer

CVE-2014-4977

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the…

Vulnerability class: SQL Injection

EPSS: 0.845 (99.3th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Scrutinizer — versions 11.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

39836 (exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
20140710 Dell Scrutinizer 11.01 multiple vulnerabilities (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)
dell-scrutinizer-admin-sql-injection(94439) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
68495 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-4977?: CVE-2014-4977 is a vulnerability in Sonicwall Scrutinizer, classified under SQL Injection. Published 2014-07-16.
Is CVE-2014-4977 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.