CVE-2012-3951

Plixer Scrutinizer <= 9.0.1.19899 - Unauthenticated SQL Injection via Default MySQL Credentials

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-3951. PoCs published by Metasploit, MC, Jonathan Claudius, Tanya Secker, sinn3r, including Metasploit module exploits/windows/mysql/scrutinizer_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits default MySQL credentials in Plixer Scrutinizer NetFlow and sFlow Analyzer 9 to achieve remote code execution by uploading and executing a malicious PHP file via MySQL's DUMPFILE functionality.

Description

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/20355

This Metasploit module exploits default MySQL credentials in Plixer Scrutinizer NetFlow and sFlow Analyzer 9 to achieve remote code execution by uploading and executing a malicious PHP file via MySQL's DUMPFILE functionality.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Plixer Scrutinizer NetFlow and sFlow Analyzer 9.5.2 or older
Auth required
Prerequisites: Network access to MySQL port (default 3306) · Default MySQL credentials (e.g., scrutinizer:admin or scrutremote:admin) · MySQL service bound to 0.0.0.0
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by MC, Jonathan Claudius, Tanya Secker, sinn3r · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb

This Metasploit module exploits a default MySQL credential vulnerability in Plixer Scrutinizer NetFlow and sFlow Analyzer 9. It leverages the default credentials to upload and execute arbitrary code via MySQL's DUMPFILE functionality, achieving remote code execution as SYSTEM.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Plixer Scrutinizer NetFlow and sFlow Analyzer 9.5.2 or older
Auth required
Prerequisites: Network access to MySQL port (default 3306) · Default MySQL credentials (e.g., scrutinizer:admin or scrutremote:admin) · MySQL service bound to 0.0.0.0
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

Scores

EPSS 0.5293
EPSS Percentile 98.8%

Details

CWE: CWE-89
Status: published
Products (1): sonicwall/scrutinizer < 9.0.1.19899
Published: Jul 31, 2012
Tracked Since: Feb 18, 2026