CVE-2014-9612

Name of the Vulnerable Software and Affected Versions: Netsweeper versions 3.1.10 and earlier Netsweeper versions 4.0.x through 4.0.8 Netsweeper versions 4.1.x through 4.1.1

Description: The issue allows remote attackers to execute arbitrary SQL commands via the server parameter in the remotereporter/load logfiles.php file. This can be exploited by sending malicious input to the vulnerable API endpoint.

Recommendations: For versions 3.1.10 and earlier, update to version 3.1.10 or later. For versions 4.0.x through 4.0.8, update to version 4.0.9 or later. For versions 4.1.x through 4.1.1, update to version 4.1.2 or later. As a temporary workaround, consider restricting access to the remotereporter/load logfiles.php file to minimize the risk of exploitation.