← back
CVE-2015-6004

CVE-2015-6004

EPSS 2.3%
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systemshttps://www.kb.cert.org/vuls/id/176160http://twitter.com/ipswitch/statuses/677558623229317121http://www.securityfocus.com/bid/79506http://www.securitytracker.com/id/1034833