Sql injection

2015-09-0415:59:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ’ (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.

CPENameOperatorVersion
netsweeperge3.1.0
netsweeperlt3.1.10
netsweeperge4.0.0
netsweeperlt4.0.9
netsweeperge4.1.0
netsweeperlt4.1.2

Name	Operator	Version
netsweeper	ge	3.1.0
netsweeper	lt	3.1.10
netsweeper	ge	4.0.0
netsweeper	lt	4.0.9
netsweeper	ge	4.1.0
netsweeper	lt	4.1.2

References

helpdesk.netsweeper.com/docs/3.1/release_notes/netsweeper_releasenotes/3_1_10_0_release_notes/3.1.10_release_notes.htm

helpdesk.netsweeper.com/docs/4.0/release_notes/netsweeper_releasenotes/4_0_9_release_notes/4.0.9_release_notes.htm

helpdesk.netsweeper.com/docs/4.1/release_notes/netsweeper_releasenotes/4_1_release_notes/4_1_2_release_notes/4.1.2_release_notes.htm

www.exploit-db.com/exploits/37928/