CVE-2019-7484

MEDIUM

SonicWall SMA100 <9.0.0.3 - SQL Injection

Title source: llm

Description

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

References (1)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0019

Scores

CVSS v3 6.5

EPSS 0.0048

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-89

Status published

Affected Products (1)

sonicwall/sma_100_firmware < 9.0.0.3

Timeline

Published Dec 19, 2019

Tracked Since Feb 18, 2026