Description
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for Ipswitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password field (sPassword parameter).
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · text · webapps · asp
https://www.exploit-db.com/exploits/25874
References (4)
Core References
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-13/advisory/
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=268&type=vulnerabilities
Patch, Vendor Advisory x_refsource_confirm
http://www.ipswitch.com/forums/shwmessage.aspx?ForumID=20&MessageID=7699
Various Sources x_refsource_misc
http://www.corsaire.com/advisories/c050323-001.txt
Scores
EPSS
0.2271
EPSS Percentile
95.9%
Details
Status
published
Products (1)
ipswitch/whatsup
professional_2005_sp1
Published
Jun 22, 2005
Tracked Since
Feb 18, 2026