This script is Copyright (C) 2017 Tenable Network Security, Inc.
An application installed on the remote host is affected by a SQL
According to its self-reported version number, the Ipswitch WhatsUp
Gold application installed on the remote host is prior to 16.5.0. It
is, therefore, affected by a SQL injection vulnerability within file
WrFreeFormText.asp due to improper sanitization of user-supplied input
to the 'sUniqueID' parameter and the 'find device' field. An
authenticated, remote attacker can exploit this issue to inject or
manipulate SQL queries in the back-end database, resulting in the
manipulation or disclosure of arbitrary data.
Note that this issue was tested only on version 16.4.1 but is believed
to affect all previous versions.
See also :
Upgrade to Ipswitch WhatsUp Gold version 16.5.0 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 4.8
Public Exploit Available : false