cve/2019/CVE-2019-12989.md

CVE-2019-12989

Description

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

POC

Reference

• http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
• http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
• https://www.tenable.com/security/research/tra-2019-32
• https://www.tenable.com/security/research/tra-2019-32

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors