CVE-2015-5452

Watchguard XCS <10.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-5452. PoCs published by Metasploit, Security-Assessment.com.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated SQL injection to add a backdoor user and a command injection vulnerability in Watchguard XCS to achieve remote command execution as the 'nobody' user.

Description

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotebsd

https://www.exploit-db.com/exploits/38346

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated SQL injection to add a backdoor user and a command injection vulnerability in Watchguard XCS to achieve remote command execution as the 'nobody' user.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Watchguard XCS 9.2/10.0

No auth needed

Prerequisites: Network access to the target appliance · SQL injection vulnerability in the target · Command injection vulnerability in the web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Security-Assessment.com · textwebappsphp

https://www.exploit-db.com/exploits/37440

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Watchguard XCS <=10.0, including unauthenticated SQL injection, command injection, and privilege escalation. It provides proof-of-concept code for each vulnerability, allowing an attacker to gain root access on the target system.

Classification

Working Poc 100%

Attack Type

Sqli | Rce | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Watchguard XCS <=10.0

No auth needed

Prerequisites: Network access to the target system · Ability to send HTTP requests to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Core References

Vendor Advisory x_refsource_confirm

http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_2_Security_Hotfix/EN_Release_Notes_XCS_v9_2_Security_Hotfix.pdf

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38346/

Exploit x_refsource_misc

http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html

Exploit x_refsource_misc

http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec

Exploit x_refsource_misc

http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf

Exploit x_refsource_misc

http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/75516

Vendor Advisory x_refsource_confirm

http://www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCS_v10_0_Security_Hotfix/EN_Release_Notes_XCS_v10_0_Security_Hotfix.pdf

Scores

EPSS 0.0342

EPSS Percentile 87.3%

Details

CWE

CWE-89

Status published

Products (2)

watchguard/xcs 9.2

watchguard/xcs 10.0

Published Jul 08, 2015

Tracked Since Feb 18, 2026