Description
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:solarwinds:backup_profiler:*:*:*:*:*:*:*:* (versions before 5.1.2, excluding)
cpe:2.3:a:solarwinds:storage_manager:*:*:*:*:*:*:*:* (versions before 5.1.2, excluding)
cpe:2.3:a:solarwinds:storage_profiler:*:*:*:*:*:*:*:* (versions before 5.1.2, excluding)
EPSS
Percentile: 97%
0.41082
Medium
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.