PT-2016-4489 · Ipswitch · Ipswitch Whatsup Gold
Published
2016-10-06
·
Updated
2024-08-27
·
CVE-2016-1000000
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ipswitch WhatsUp Gold version 16.4.1
Description
The issue is related to a Blind SQL Injection in the
sUniqueID parameter of the WrFreeFormText.asp page. This allows for potential unauthorized access to database information.Recommendations
For Ipswitch WhatsUp Gold version 16.4.1, consider restricting access to the WrFreeFormText.asp page until a patch is available. As a temporary workaround, avoid using the
sUniqueID parameter in the affected API endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ipswitch Whatsup Gold