Family: CGI abuses --> Category: attack
Ipswitch WhatsUp Professional Login.asp SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in Ipswitch WhatsUp Professional's Login.asp
Detailed Explanation for this Vulnerability Test
The remote web server contains an ASP script that is vulnerable to a
SQL injection attack.
The remote host is running Ipswitch WhatsUp Professional, a network
management and monitoring package.
The web front-end for WhatsUp Professional on the remote host is prone
to a SQL injection attack because it fails to sanitize the 'sUserName'
and 'sPassword' parameters in the 'Login.asp' script. An attacker may
be able to exploit this flaw to gain unauthenticated administrative
access to the affected application.
See also :
Upgrade to Ipswitch WhatsUp Pro 2005 SP1a or disable its web
Medium / CVSS Base Score : 4