CVE-2008-1094

Name of the Vulnerable Software and Affected Versions Barracuda Spam Firewall versions prior to 3.5.12.007

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via a pattern x parameter in a search count equals action. For example, the pattern 0 parameter can be used to demonstrate this issue.

Recommendations For versions prior to 3.5.12.007, update to version 3.5.12.007 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.cgi page in the Account View section to minimize the risk of exploitation. Avoid using the pattern x parameter in the affected API endpoint until the issue is resolved.