CVE-2017-11471

CRITICAL

IDERA Uptime Monitor 7.8 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11471. PoCs published by SecuriTeam.

AI-analyzed exploit summary: The exploit demonstrates SQL injection vulnerabilities in IDERA Uptime Monitor 7.8 via unsanitized user input in HTTP GET parameters, allowing remote unauthenticated attackers to execute arbitrary SQL queries. It also includes a directory traversal vulnerability enabling file access outside the web root.

Description

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.

Exploits (1)

exploitdb WORKING POC
by SecuriTeam · webapps · windows
https://www.exploit-db.com/exploits/44071

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: IDERA Uptime Monitor 7.8
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3223#more-3223

Scores

CVSS v3: 9.8
EPSS: 0.0147
EPSS Percentile: 70.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): idera/uptime_infrastructure_monitor 7.8
Published: Jul 20, 2017
Tracked Since: Feb 18, 2026