SolarWinds Storage Manager Server SQL Injection Vulnerability
BID:51639
CVE-2012-2576
| Bugtraq ID: | 51639 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2012 12:00AM |
| Updated: | May 07 2012 03:50PM |
| Credit: | r@b13$ of Digital Defense |
| Vulnerable: | SolarWinds Storage Manager Server 5.1; SolarWinds Storage Manager Server 5.1.2 |
| Not Vulnerable: | SolarWinds Storage Manager Server 5.2 |
Discussion
SolarWinds Storage Manager Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Storage Manager Server 5.1.2 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following exploits are available:
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References: