Sql injection

🗓️ 04 Sep 2015 15:59:00Reported by PRIOn knowledge baseType

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php

Reporter	Title	Published	Views	Family All 9
0day.today	Netsweeper 4.0.9 - Multiple Vulnerabilities	13 Aug 201500:00	–	zdt
CNVD	Netsweeper WebUpgrade Authorization Issues Vulnerability	9 Sep 201500:00	–	cnvd
CVE	CVE-2014-9605	4 Sep 201515:00	–	cve
Cvelist	CVE-2014-9605	4 Sep 201515:00	–	cvelist
Exploit DB	Netsweeper 4.0.8 - SQL Injection / Authentication Bypass	21 Aug 201500:00	–	exploitdb
EUVD	EUVD-2014-9418	7 Oct 202500:30	–	euvd
exploitpack	Netsweeper 4.0.8 - SQL Injection Authentication Bypass	21 Aug 201500:00	–	exploitpack
NVD	CVE-2014-9605	4 Sep 201515:59	–	nvd
OpenVAS	Netsweeper Multiple Vulnerabilities (Aug 2015)	25 Aug 201500:00	–	openvas

Source	Link
exploit-db	www.exploit-db.com/exploits/37928/
helpdesk	www.helpdesk.netsweeper.com/docs/3.1/release_notes/netsweeper_releasenotes/3_1_10_0_release_notes/3.1.10_release_notes.htm
helpdesk	www.helpdesk.netsweeper.com/docs/4.1/release_notes/netsweeper_releasenotes/4_1_release_notes/4_1_2_release_notes/4.1.2_release_notes.htm
helpdesk	www.helpdesk.netsweeper.com/docs/4.0/release_notes/netsweeper_releasenotes/4_0_9_release_notes/4.0.9_release_notes.htm

01 Feb 2019 18:23Current

8.6High risk

Vulners AI Score8.6

EPSS0.08686