CVE-2018-5778

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.

Published: Jan 24, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-5778
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
progress / whatsup_gold	-	17.1.1

https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4

Vulnerability Database

290,278

CVE-2018-5778