PT-2005-2262 · Ipswitch · Ipswitch Whatsup Professional

Published: 2005-06-22 · Updated: 2008-09-05 · CVE-2005-1250

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Professional 2005 SP1

Description: A SQL injection vulnerability exists in the logon screen of the web front end, specifically in NmConsole/Login.asp. It allows remote attackers to execute arbitrary SQL commands by manipulating the sUserName or sPassword parameters, which are supplied through the User Name and Password fields, respectively.

Recommendations: For Ipswitch WhatsUp Professional 2005 SP1, consider restricting access to the logon screen of the web front end until a patch is available. As a temporary workaround, avoid using the sUserName and sPassword parameters in the affected API endpoint.


Related Identifiers

CVE-2005-1250

Affected Products

Ipswitch Whatsup Professional