|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-01-21 | |
| Rule Name: | Ipswitch WhatsUp Web Interface SQL Injection Vulnerability (CVE-2005-1250) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | There exists a SQL injection vulnerability in Ipswitch WhatsUp Professional. The flaw is caused by insufficient validation of user supplied data submitted to the product's Web interface. The vulnerability can allow an attacker to execute arbitrary SQL statements in the WhatsUp database. The behaviour of the target system is dependent on the intent of the malicious SQL statements submitted through the sUserName CGI variable. The most likely scenario would be an attempt to alter password values in the database such as to allow an attacker to subsequently log in as an administrative user. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://www.corsaire.com/advisories/c050323-001.txt http://www.idefense.com/application/poi/display?id=268&type=vulnerabilities http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID=7699 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID;=7699 |