ID

VAR-200506-0244


CVE

CVE-2005-1250


TITLE

Ipswitch WhatsUp Professional 'login.asp' SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200506-208

DESCRIPTION

SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for Ipswitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password field (sPassword parameter). This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. It should be noted that by supplying a 'or' value through the 'password' parameter, an attacker can gain unauthorized access to an affected site. WhatsUp Professional is a network management solution for SMBs.

Trust: 1.26

sources: NVD: CVE-2005-1250 // BID: 14039 // VULHUB: VHN-12459

AFFECTED PRODUCTS

vendor: ipswitch, model: whatsup, scope: eq, version: professional_2005_sp1

Trust: 1.6

vendor: ipswitch, model: whatsup professional sp1, scope: eq, version: 2005

Trust: 0.3

vendor: ipswitch, model: whatsup professional sp1a, scope: ne, version: 2005

Trust: 0.3

sources: BID: 14039 // CNNVD: CNNVD-200506-208 // NVD: CVE-2005-1250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1250
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200506-208
value: HIGH

Trust: 0.6

VULHUB: VHN-12459
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-1250
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12459
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12459 // CNNVD: CNNVD-200506-208 // NVD: CVE-2005-1250

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200506-208

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200506-208

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12459

EXTERNAL IDS

db: NVD, id: CVE-2005-1250

Trust: 2.0

db: CNNVD, id: CNNVD-200506-208

Trust: 0.7

db: IDEFENSE, id: 20050622 IPSWITCH WHATSUP PROFESSIONAL 2005 (SP1) SQL INJECTION VULNERABILITY

Trust: 0.6

db: BID, id: 14039

Trust: 0.4

db: EXPLOIT-DB, id: 25874

Trust: 0.1

db: SEEBUG, id: SSVID-79527

Trust: 0.1

db: VULHUB, id: VHN-12459

Trust: 0.1

sources: VULHUB: VHN-12459 // BID: 14039 // CNNVD: CNNVD-200506-208 // NVD: CVE-2005-1250

REFERENCES

url:http://www.ipswitch.com/forums/shwmessage.aspx?forumid=20&messageid=7699

Trust: 1.9

url:http://secunia.com/secunia_research/2005-13/advisory/

Trust: 1.7

url:http://www.corsaire.com/advisories/c050323-001.txt

Trust: 1.7

url:http://www.idefense.com/application/poi/display?id=268&type=vulnerabilities

Trust: 1.6

url:/archive/1/403080

Trust: 0.3

url:http://www.ipswitch.com/forums/shwmessage.aspx?forumid=20&messageid=7699

Trust: 0.1

url:http://www.idefense.com/application/poi/display?id=268&type=vulnerabilities

Trust: 0.1

sources: VULHUB: VHN-12459 // BID: 14039 // CNNVD: CNNVD-200506-208 // NVD: CVE-2005-1250

CREDITS

iDEFENSE

Trust: 0.6

sources: CNNVD: CNNVD-200506-208

SOURCES

db: VULHUB, id: VHN-12459
db: BID, id: 14039
db: CNNVD, id: CNNVD-200506-208
db: NVD, id: CVE-2005-1250

LAST UPDATE DATE

2024-08-14T14:35:43.893000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-12459, date: 2008-09-05T00:00:00
db: BID, id: 14039, date: 2009-07-12T16:06:00
db: CNNVD, id: CNNVD-200506-208, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-1250, date: 2008-09-05T20:48:38.937

SOURCES RELEASE DATE

db: VULHUB, id: VHN-12459, date: 2005-06-22T00:00:00
db: BID, id: 14039, date: 2005-06-22T00:00:00
db: CNNVD, id: CNNVD-200506-208, date: 2005-06-22T00:00:00
db: NVD, id: CVE-2005-1250, date: 2005-06-22T04:00:00