CVE-2014-9220

OpenVAS Manager <4.0.6, <5.0.7 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.

References (5)

Core 5
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2014/11/30/2
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html
Patch, Vendor Advisory x_refsource_confirm
http://www.openvas.org/OVSA20141128.html
Third Party Advisory x_refsource_confirm
https://www.alienvault.com/forums/discussion/4415/

Scores

EPSS 0.0207
EPSS Percentile 79.2%

Details

CWE
CWE-89
Status published
Products (10)
fedoraproject/fedora 21
opensuse/opensuse 13.2
openvas/openvas_manager 5.0.0 (14 CPE variants)
openvas/openvas_manager 5.0.1
openvas/openvas_manager 5.0.2
openvas/openvas_manager 5.0.3
openvas/openvas_manager 5.0.4
openvas/openvas_manager 5.0.5
openvas/openvas_manager 5.0.6
openvas/openvas_manager < 4.0.5
Published Dec 03, 2014
Tracked Since Feb 18, 2026