94496

https://www.tenable.com/security/research/tra-2016-15

According to its self-reported version number, the Ipswitch WhatsUp Gold application installed on the remote host is prior to 16.5.0. It is, therefore, affected by a SQL injection vulnerability within file WrFreeFormText.asp due to improper sanitization of user-supplied input to the 'sUniqueID' parameter and the 'find device' field. An authenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data.

Note that this issue was tested only on version 16.4.1 but is believed to affect all previous versions.

CVE-2016-1000000

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium