CVE-2018-12464— Micro Focus Secure Messaging Gateway Web administration和quarantine组件SQL注入漏洞

Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Micro Focus Secure Messaging Gateway Web administration和quarantine组件SQL注入漏洞

Micro Focus Secure Messaging Gateway（SMG）是英国Micro Focus公司的一套企业网络和消息系统出、入站保护软件。该产品包括病毒防护、反垃圾邮件、防DDos攻击和图像分析等功能。Web administration是其中的一个基于Web的管理组件；quarantine是其中的一个文件隔离组件。 Micro Focus SMG 471之前版本中的Web administration和quarantine组件存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意的SQL语

N/A

N/A