CVE-2015-6004
Summary
| CVE | CVE-2015-6004 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-27 03:59:00 UTC |
| Updated | 2016-12-06 03:03:00 UTC |
| Description | Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ipswitch | Whatsup Gold | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ipswitch WhatsUp Gold Multiple HTML Injection and SQL Injection Vulnerabilities | BID | www.securityfocus.com | |
| Vulnerability Note VU#176160 - IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Ipswitch WhatsUp Input Validation Flaws Let Remote Users Conduct SQL Injection and Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Information Security: Multiple Disclosures for ... | Rapid7 Community | MISC | community.rapid7.com | Exploit |
| JavaScript is not available. | CONFIRM | twitter.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.