Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions prior to 9.0.1.19899, allow remote malicious users to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plixer scrutinizer netflow \\& sflow analyzer |