Ipswitch » Whatsup Gold : Security Vulnerabilities, CVEs, (Sql injection)

CVE-2018-5778

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.09%
Published
2018-01-24
Updated
2018-02-09

CVE-2016-1000000

Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
Max CVSS
8.8
EPSS Score
0.05%
Published
2016-10-06
Updated
2017-11-03

CVE-2015-8261

The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
Max CVSS
9.8
EPSS Score
0.08%
Published
2016-01-08
Updated
2017-09-10

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Max CVSS
6.5
EPSS Score
0.31%
Published
2015-12-27
Updated
2016-12-06

CVE-2012-2601

SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-08-15
Updated
2017-08-29
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close