SQL Injection in Sonicwall Gms

CVE-2019-7478

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.

Vulnerability class: SQL Injection

EPSS: 0.005 (65.4th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Gms — versions GMS 8.4, GMS 8.5, GMS 8.6

Weakness classification (CWE)

CWE-89 — SQL Injection

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0011 (x_refsource_CONFIRM)