SonicWall Warns of Severe GMS SQL Injection Vulnerability


SonicWall, a provider of network security appliances has warned that a significant vulnerability in its Global Management System (GMS) software exposes companies to remote hacker attacks.

According to SonicWall’s description of the problem, the vulnerability, which has a critical-severity rating of CVSS 9.4, gives a mechanism for a remote attacker to carry out arbitrary SQL queries in the database. Due to improper data sanitization, there is a vulnerability that might allow a remote, unauthenticated attacker to submit the impacted application a specially crafted request and run arbitrary SQL statements inside the application database.

This advisory claims that a remote attacker can successfully exploit the SonicWall GMS security flaw to take total control of the impacted application.

Read More: SonicWall Warns of Critical GMS SQL Injection Vulnerability