
IpSwitch WhatsUp < 2005 SP 1A Login.asp Multiple Parameter SQL Injection

High

Synopsis

The remote host is vulnerable to a SQL Injection attack.

Description

The remote host is running the IpSwitch WhatsUp application, a tool for managing network hosts. This version of IpSwitch WhatsUp is vulnerable to a remote SQL Injection flaw. The login.asp script fails to filter SQL-reserved characters out of its input, which would allow a remote attacker to read or write data and potentially to execute arbitrary code on the remote database.

Solution

Upgrade to version 2005 SP 1A or higher.