Tuesday, May 13, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityCritical SonicWall Vulnerability Allows SQL Injection - Patch Now!

Critical SonicWall Vulnerability Allows SQL Injection – Patch Now!

CVE/vulnerability

Published on

By Balaji
Critical SonicWall Vulnerability Allows SQL Injection – Patch Now!

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A critical SQL injection (SQLi) vulnerability was recently patched by the network security company SonicWall as a result of a new update. 

The company’s Analytics On-Premise and Global Management System (GMS) products are affected by this critical flaw and as a result, they must be updated.

CVE-2022-22280 has been assigned to the flaw which has been tracked. Due to the fact that the special elements used in SQL commands are not neutralized appropriately, this vulnerability allows SQL injection.

- Advertisement - Google News

There is a strong recommendation from SonicWall PSIRT for organizations to upgrade to the appropriately patched version as soon as possible.

Flaw Profile

  • CVE: CVE-2022-22280
  • CVSS v3 9.4
  • Severity: Critical
  • Summary: Unauthenticated SQL Injection In Sonicwall GMS and Analytics
  • Advisory ID: SNWLID-2022-0007

Affected Products & Versions

Here below we have mentioned the affected products and versions below:-

  • GMS: 9.3.1-SP2-Hotfix1 and earlier versions
  • Analytics: 2.5.0.3-2520 and earlier versions

In an effort to clarify the statement, SonicWall has claimed that it is not aware of any active exploits in the wild that have been reported. In short, this vulnerability has not even been exploited as of yet and there is no proof of concept exploit available for it.

This flaw has been discovered and reported by H4lo and Catalpa of the DBappSecurity HAT lab, which affects versions 2.5.0.3-2520 and earlier.

It is strongly recommended that organizations relying on devices that are vulnerable should upgrade to the fixed version:-

  • Analytics 2.5.0.3-2520-Hotfix1 
  • GMS 9.3.1-SP2-Hotfix-2

SQL injections are a type of bug in which an attacker can modify a legitimate SQL query in order to gain access to its contents. 

Then inputs a string of specially crafted code into the form or URL query variables of a web page and performs unexpected behavior based on the input.

In the current state of things, this vulnerability doesn’t have a workaround in place. For attackers to be prevented from exploiting the vulnerability, it is essential that the necessary security updates and mitigations be applied.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals

The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to...
cyber security

Attackers Leverage Unpatched Output Messenger 0‑Day to Deliver Malicious Payloads

A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also...
cyber security

Cobalt Strike 4.11.1 Released With SSL Checkbox Fix

Cobalt Strike has announced the release of version 4.11.1, an out-of-band update addressing several...
Apple

Apple Releases Security Patches to Fix Critical Data Exposure Flaws

Apple released critical security updates for macOS Sequoia 15.5 on May 12, 2025, addressing...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

CVE/vulnerability

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...
CVE/vulnerability

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple...
CVE/vulnerability

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved