CVE-2012-2601

Ipswitch WhatsUp Gold 15.02 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2601. PoCs published by muts.

AI-analyzed exploit summary This JavaScript exploit targets Ipswitch WhatsUp Gold 15.02 via a blind SQL injection vulnerability in WrVMwareHostList.asp. It enables xp_cmdshell, uploads a reverse shell, and executes it, leveraging stored XSS and SQLi for RCE.

Description

SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by muts · javascriptwebappsasp
https://www.exploit-db.com/exploits/20035

This JavaScript exploit targets Ipswitch WhatsUp Gold 15.02 via a blind SQL injection vulnerability in WrVMwareHostList.asp. It enables xp_cmdshell, uploads a reverse shell, and executes it, leveraging stored XSS and SQLi for RCE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ipswitch WhatsUp Gold 15.02
No auth needed
Prerequisites: Access to the vulnerable web interface · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77152
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027325
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54626
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20035
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/777007

Scores

EPSS 0.0291
EPSS Percentile 85.2%

Details

CWE
CWE-89
Status published
Products (1)
progress/whatsup_gold 15.02
Published Aug 15, 2012
Tracked Since Feb 18, 2026