Critical SonicWall Flaw Allows SQL injection

A critical SQL injection (SQLi) vulnerability was recently patched by the network security company SonicWall as a result of a new update.

The company’s Analytics On-Premise and Global Management System (GMS) products are affected by this critical flaw and as a result, they must be updated.

CVE-2022-22280 has been assigned to the flaw which has been tracked. Due to the fact that the special elements used in SQL commands are not neutralized appropriately, this vulnerability allows SQL injection.

- Advertisement -

There is a strong recommendation from SonicWall PSIRT for organizations to upgrade to the appropriately patched version as soon as possible.

Flaw Profile

CVE: CVE-2022-22280
CVSS v3 9.4
Severity: Critical
Summary: Unauthenticated SQL Injection In Sonicwall GMS and Analytics
Advisory ID: SNWLID-2022-0007

Affected Products & Versions

Here below we have mentioned the affected products and versions below:-

GMS: 9.3.1-SP2-Hotfix1 and earlier versions
Analytics: 2.5.0.3-2520 and earlier versions

In an effort to clarify the statement, SonicWall has claimed that it is not aware of any active exploits in the wild that have been reported. In short, this vulnerability has not even been exploited as of yet and there is no proof of concept exploit available for it.

This flaw has been discovered and reported by H4lo and Catalpa of the DBappSecurity HAT lab, which affects versions 2.5.0.3-2520 and earlier.

It is strongly recommended that organizations relying on devices that are vulnerable should upgrade to the fixed version:-

Analytics 2.5.0.3-2520-Hotfix1
GMS 9.3.1-SP2-Hotfix-2

SQL injections are a type of bug in which an attacker can modify a legitimate SQL query in order to gain access to its contents.

Then inputs a string of specially crafted code into the form or URL query variables of a web page and performs unexpected behavior based on the input.

In the current state of things, this vulnerability doesn’t have a workaround in place. For attackers to be prevented from exploiting the vulnerability, it is essential that the necessary security updates and mitigations be applied.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Critical SonicWall Vulnerability Allows SQL Injection – Patch Now!

Supply Chain Attack Prevention

Follow Us on Google News

Flaw Profile

Affected Products & Versions

Latest articles

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

Threat Actors Exploit Google Apps Script to Host Phishing Sites

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Resilience at Scale

Why Application Security is Non-Negotiable

Discussion points

More like this

Severe WSO2 SOAP Flaw Allows Unauthorized Password Resets for Any Use

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

PoC Code Published for Linux nftables Security Vulnerability

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2025