SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your virtualized environment.
SolarWinds Storage Manager fails to properly sanitize user-supplied input passed to login interface. This can be exploited to execute arbitrary SQL commands. Additionally, unauthenticated user can upload and execute malicious files under the context of database server host operating system.
Apply vendor supplied hot-fix.
This exploit has been tested against SolarWinds Storage Manager 5.0.1.