alm4ric
/ CVE-2019-18646 - CVE-2019-18649
Last active
November 14, 2019 11:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Suggested description] | |
| The Untangle NG firewall 14.2.0 is vulnerable to authenticated | |
| inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | |
| [Additional Information] | |
| I can share the report - containing the technical details and proof of the vulnerability - which I reported to Untangle. If needed, please let me know via PGP e-mail. | |
| [Vulnerability Type] |