CVE-2019-7478
CRITICALSonicWall Global Management System 8.4-9.1 - Unauthenticated SQL Injection in Webservice Module
Title source: llmDescription
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0011
Scores
CVSS v3
9.8
EPSS
0.0048
EPSS Percentile
65.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (6)
sonicwall/global_management_system
8.4
sonicwall/global_management_system
8.5
sonicwall/global_management_system
8.6
sonicwall/global_management_system
8.7
sonicwall/global_management_system
9.0
sonicwall/global_management_system
9.1
Published
Dec 31, 2019
Tracked Since
Feb 18, 2026