Citrix SD-WAN Appliance < 10.2.3 Unauthenticated Blind SQL Injection
Severity: High
Nessus Plugin ID: 126466
Synopsis
The remote web server hosts a CGI script that is affected by a remote SQL injection vulnerability.

Description
The remote Citrix SD-WAN Appliance is affected by an SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting in the manipulation of arbitrary data.

Solution
Upgrade the Citrix SD-WAN Appliance software to version 10.2.3 or later.