PT-2020-7181 · Plixer International · Scrutinizer Netflow & Sflow Analyzer
Tanya Secker
Published: 2020-01-09
Updated: 2020-01-24
CVE: CVE-2012-1259
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Plixer International Scrutinizer NetFlow & sFlow Analyzer versions 8.6.2.16204 through 9.0.1.19899
Description
Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via the addip parameter to "cgi-bin/scrut_fa_exclusions.cgi", the getPermissionsAndPreferences parameter to "cgi-bin/login.cgi", or possibly certain parameters to "d4d/alarms.php", as demonstrated by the search_str parameter.
Recommendations
For versions 8.6.2.16204 through 9.0.1.19899, update to version 9.0.1.19899 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "cgi-bin/scrut_fa_exclusions.cgi" and "cgi-bin/login.cgi" endpoints until a patch is available.
Avoid using the addip and getPermissionsAndPreferences parameters in the affected API endpoints until the issue is resolved.
Exploit
Fix
SQL injection
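As an added illustration, not code from this advisory or from Plixer, the following Python snippet contrasts the vulnerable pattern the description refers to (a request parameter concatenated straight into the SQL text) with the two controls that close it: binding the value as a query parameter, and validating that addip is actually an IP address before it reaches the database. The addip parameter name comes from the advisory; the SQLite backend, the fa_exclusions table and the lookup logic are assumptions standing in for the analyzer's real exclusion list.

```python
import ipaddress
import sqlite3


def make_db():
    # Constructed in-memory schema standing in for the analyzer's
    # exclusion list; the real table and columns are not known here.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fa_exclusions (ip TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO fa_exclusions (ip) VALUES (?)",
        [("10.0.0.5",), ("192.168.1.20",)],
    )
    conn.commit()
    return conn


def is_excluded_unsafe(conn, addip):
    # Vulnerable pattern: the request parameter becomes part of the SQL
    # text, so quote characters in it change what the query means.
    sql = f"SELECT COUNT(*) FROM fa_exclusions WHERE ip = '{addip}'"
    return conn.execute(sql).fetchone()[0] > 0


def validate_addip(addip):
    # Hypothetical validation step: addip must parse as an IPv4 or IPv6
    # address. Anything else (quotes, spaces, SQL keywords) raises
    # ValueError and is rejected before any database call is made.
    try:
        return str(ipaddress.ip_address(addip.strip()))
    except ValueError:
        return None


def is_excluded_safe(conn, addip):
    ip = validate_addip(addip)
    if ip is None:
        return False
    # Parameter binding: the driver passes the value separately from
    # the SQL text, so it is only ever compared as data.
    row = conn.execute(
        "SELECT COUNT(*) FROM fa_exclusions WHERE ip = ?", (ip,)
    ).fetchone()
    return row[0] > 0


def add_exclusion_safe(conn, addip):
    # Same two controls applied to the write path.
    ip = validate_addip(addip)
    if ip is None:
        return False
    conn.execute("INSERT INTO fa_exclusions (ip) VALUES (?)", (ip,))
    conn.commit()
    return True


# Constructed sample inputs: a listed IP, an unlisted IP, and a classic
# tautology string of the kind request-log and WAF rules look for.
SAMPLE_INPUTS = ["10.0.0.5", "203.0.113.9", "' OR '1'='1"]


def compare(conn):
    # Returns {input: (unsafe_result, safe_result)} so the difference
    # between the two code paths is visible side by side.
    return {v: (is_excluded_unsafe(conn, v), is_excluded_safe(conn, v))
            for v in SAMPLE_INPUTS}


if __name__ == "__main__":
    db = make_db()
    for value, (unsafe, safe) in compare(db).items():
        print(f"{value!r:16} unsafe={unsafe} safe={safe}")
```

The tautology string makes the concatenated query match every row, while the bound parameter treats it as a literal and the validator rejects it outright. That validation is also a reasonable interim filter to enforce in front of the endpoints the workaround above restricts, until the update is rolled out.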
Weakness Enumeration
Related Identifiers
Affected Products
Scrutinizer Netflow & Sflow Analyzer