CVE-2015-9098

CRITICAL

Redgate SQL Monitor < 3.5 - SQL Injection

Title source: rule

Description

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).

Exploits (1)

exploitdb WORKING POC
by Paul Taylor · text · webapps · windows
https://www.exploit-db.com/exploits/42444

Scores

CVSS v3 9.8
EPSS 0.3999
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
red-gate/sql_monitor 4.0
red-gate/sql_monitor 4.1
red-gate/sql_monitor < 3.5
Published Jun 22, 2017
Tracked Since Feb 18, 2026