Bperry

#41927 of 53,625
6.5 Total CVSS
Vulnerabilities · 1
PT-2014-6240
6.5
2014-07-16
Dell · Dell Sonicwall Scrutinizer · CVE-2014-4977
**Name of the Vulnerable Software and Affected Versions**

Dell SonicWall Scrutinizer version 11.0.1

**Description**

The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via several parameters in different API endpoints and functions, including the `selectedUserGroup` parameter in a create-new-user request to "cgi-bin/admin.cgi", the `user id` parameter in the `changeUnit` function, the `methodDetail` parameter in the `methodDetail` function, or the `xcNetworkDetail` parameter in the `xcNetworkDetail` function in "d4d/exporters.php".

**Recommendations**

For Dell SonicWall Scrutinizer version 11.0.1, consider disabling the `changeUnit` function, the `methodDetail` function, and the `xcNetworkDetail` function until a patch is available. Restrict access to the "cgi-bin/admin.cgi" and "d4d/exporters.php" modules to minimize the risk of exploitation. Avoid using the `selectedUserGroup`, `user id`, `methodDetail`, and `xcNetworkDetail` parameters in the affected API endpoints and functions until the issue is resolved.