Loading
Generated remediation guidance and an executive summary. No account required.
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
Use CWE-89, Barracuda Networks vendor hub and Barracuda Spam Firewall product page to widen CVE-2008-1094 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2007-1673, CVE-2007-1669 and CVE-2006-4081 for nearby disclosures in the same product family. Additional editorial context is available in Why “Low” and “Medium” CVEs Still Breach Networks.