This non-profit organization regularly puts out a list of top 10 threats against websites. SQLi has remained the number one threat to websites for years, according to records from the Open Web Application Security Project (OWASP).
An SQL injection can be done via the use of automated tools, such as Havij, or by manually inserting specific SQL codes in forms or text boxes, such as on a website's search box. Threat actors normally use this attack to expose the security gaps in websites. While there are no workarounds for this vulnerability in both affected products, SonicWall advises clients to incorporate a Web Application Firewall (WAF) to protect their web applications from common exploits and vulnerabilities, including SQL injections.Īn SQL injection (SQLi) is a well-known, old-school injection attack that has been around for more than 15 years. ~ SonicWall advisoryĬlients using Analytics 2.5.0.3-2520 or earlier and/or GMS 9.3.1-SP2-Hotfix1 or earlier are advised to update to their patched versions, Analytics 2.5.0.3-2520-Hotfix1 and GMS 9.3.1-SP2-Hotfix-2, respectively. SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately. No reports of a proof of concept (PoC) have been made public, and malicious use of this vulnerability has not been reported to SonicWall," said SonicWall in the security notice. "SonicWall PSIRT is not aware of active exploitation in the wild. CVE-2022-22280 can be exploited from the network without user interaction nor does it require any authentication. With the high capability of damage, this vulnerability has low attack complexity, meaning that anyone with little know-how of SQL injection can pull this off. The flaw, which is tracked as CVE-2022-22280, is given a 9.4 critical rating. Cybersecurity hardware company, SonicWall, recently released a public security notice about a critical SQL injection flaw affecting its GMS (Global Management System) and Analytics On-Prem products.
0 kommentar(er)
