CVE-2014-3857

high

Description

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.

References

http://www.securityfocus.com/archive/1/532607/100/0/threaded

http://www.kerio.com/support/kerio-control/release-history

http://www.exploit-db.com/exploits/33954

http://secunia.com/advisories/59215

http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html

http://osvdb.org/show/osvdb/108584

Details

Source: Mitre, NVD

Published: 2014-07-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01864

Detections

Analytics