{"api_version":"1","generated_at":"2026-05-07T07:52:29+00:00","cve":"CVE-2012-2576","urls":{"html":"https://cve.report/CVE-2012-2576","api":"https://cve.report/api/cve/CVE-2012-2576.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-2576","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-2576"},"summary":{"title":"CVE-2012-2576","description":"SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2017-12-20 21:29:00","updated_at":"2018-01-11 14:26:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"http://www.exploit-db.com/exploits/18833","name":"18833","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Solarwinds Storage Manager 5.1.0 SQL Injection","mime":"text/x-ruby","httpstatus":"200","archivestatus":"200"},{"url":"http://www.exploit-db.com/exploits/18818","name":"18818","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm","name":"http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"SolarWinds Storage Vulnerability Notice","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72680","name":"solarwnds-loginservlet-sql-injection(72680)","refsource":"XF","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/51639","name":"51639","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"SolarWinds Storage Manager Server SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-2576","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2576","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"2576","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"solarwinds","cpe5":"backup_profiler","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2576","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"solarwinds","cpe5":"backup_profiler","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2576","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"solarwinds","cpe5":"storage_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2576","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"solarwinds","cpe5":"storage_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2576","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"solarwinds","cpe5":"storage_profiler","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2576","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"solarwinds","cpe5":"storage_profiler","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2012-2576","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"solarwnds-loginservlet-sql-injection(72680)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72680"},{"name":"http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm","refsource":"CONFIRM","url":"http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm"},{"name":"18818","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/18818"},{"name":"51639","refsource":"BID","url":"http://www.securityfocus.com/bid/51639"},{"name":"18833","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/18833"}]}},"nvd":{"publishedDate":"2017-12-20 21:29:00","lastModifiedDate":"2018-01-11 14:26:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:solarwinds:backup_profiler:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:solarwinds:storage_profiler:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:solarwinds:storage_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"2576","Ordinal":"55314","Title":"CVE-2012-2576","CVE":"CVE-2012-2576","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"2576","Ordinal":"1","NoteData":"SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"2576","Ordinal":"2","NoteData":"2017-12-20","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"2576","Ordinal":"3","NoteData":"2017-12-20","Type":"Other","Title":"Modified"}]}}}