CVE-2013-7092

McAfee Email Gateway 7.6 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys.

References (5)

[Exploit] http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html

[Exploit] http://seclists.org/fulldisclosure/2013/Dec/18

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90161

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64150

[Third Party Advisory, VDB Entry] http://osvdb.org/100582

Scores

EPSS 0.0047

EPSS Percentile 64.4%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

mcafee/email_gateway

Timeline

Published Dec 13, 2013

Tracked Since Feb 18, 2026