CVE-2013-7092

Name of the Vulnerable Software and Affected Versions McAfee Email Gateway version 7.6

Description The issue concerns SQL injection vulnerabilities in the /admin/cgi-bin/rpc/doReport/18 endpoint. Remote authenticated users can execute arbitrary SQL commands by manipulating specific JSON keys, including events col, event id, reason, events order, emailstatus order, and emailstatus col.

Recommendations For McAfee Email Gateway version 7.6, consider restricting access to the /admin/cgi-bin/rpc/doReport/18 endpoint until a fix is available. As a temporary workaround, avoid using the vulnerable JSON keys in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.