Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IpSwitch WhatsUp < 2005 SP 1A Login.asp Multiple Parameter SQL Injection

High

Synopsis

The remote host is vulnerable to a SQL Injection attack.

Description

The remote host is running the IpSwitch WhatsUp application, a tool for managing network hosts. This version of IpSwitch WhatsUp is vulnerable to a remote SQL Injection flaw. The login.asp script fails to parse out SQL-reserved characters and would allow a remote attacker to read or write data as well as potentially execute arbitrary code on the remote database

Solution

Upgrade to version 2005 SP 1A or higher.