CVE-2012-4344

Ipswitch WhatsUp Gold 15.02 - Cross-Site Scripting via SNMP System Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4344. PoCs published by muts.

AI-analyzed exploit summary: This JavaScript exploit targets Ipswitch WhatsUp Gold 15.02 via a blind SQL injection vulnerability in WrVMwareHostList.asp. It enables xp_cmdshell, uploads a reverse shell, and executes it, leveraging stored XSS and SQLi for RCE.

Description

Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.

Exploits (1)

exploitdb WORKING POC VERIFIED
by muts · javascript · webapps · asp
https://www.exploit-db.com/exploits/20035

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Ipswitch WhatsUp Gold 15.02
No auth needed
Prerequisites: Access to the vulnerable web interface · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77150
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20035
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/777007

Scores

EPSS 0.0824
EPSS Percentile 92.3%

Details

CWE: CWE-79
Status: published
Products (1): progress/whatsup_gold 15.02
Published: Aug 15, 2012
Tracked Since: Feb 18, 2026