CVE-2012-2576

CRITICAL

SolarWinds Backup Profiler < 5.1.2 - SQL Injection via LoginServlet loginName Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-2576. PoCs published by Metasploit, muts, r@b13$, muts, sinn3r, including Metasploit module exploits/windows/http/solarwinds_storage_manager_sql.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in SolarWinds Storage Manager 5.1.0 to achieve remote code execution by injecting a malicious JSP payload into the web root directory, which then downloads and executes a malicious executable.

Description

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18833

This Metasploit module exploits a SQL injection vulnerability in SolarWinds Storage Manager 5.1.0 to achieve remote code execution by injecting a malicious JSP payload into the web root directory, which then downloads and executes a malicious executable.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Storage Manager 5.1.0
No auth needed
Prerequisites: Network access to the target system · SolarWinds Storage Manager 5.1.0 running on the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by muts · pythonremotewindows
https://www.exploit-db.com/exploits/18818

This exploit leverages a SQL injection vulnerability in SolarWinds Storage Manager 5.1.0 to write a JSP shell to the server, which then establishes a reverse shell connection to the attacker's specified host and port.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Storage Manager 5.1.0
No auth needed
Prerequisites: Network access to the target server on port 9000 · Target server must be running SolarWinds Storage Manager 5.1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by r@b13$, muts, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/solarwinds_storage_manager_sql.rb

This Metasploit module exploits a SQL injection vulnerability in SolarWinds Storage Manager 5.1.0 to create a JSP file under the web root directory, which then downloads and executes a malicious payload under the context of SYSTEM.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Storage Manager 5.1.0
No auth needed
Prerequisites: Network access to the target on port 9000 · Target must be running SolarWinds Storage Manager 5.1.0
devstral-2 · analyzed May 27, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72680
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18818
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51639
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18833

Scores

CVSS v3 9.8
EPSS 0.6676
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
solarwinds/backup_profiler < 5.1.2
solarwinds/storage_manager < 5.1.2
solarwinds/storage_profiler < 5.1.2
Published Dec 20, 2017
Tracked Since Feb 18, 2026