ID de Prueba:	1.3.6.1.4.1.25623.1.0.105966
Categoría:	Web application abuses
Título:	SolarWinds Network Performance Monitor Multiple SQL Injection Vulnerabilities
Resumen:	SolarWinds Network Performance Monitor is prone to multiple; SQL Injection vulnerabilities.
Descripción:	Summary: SolarWinds Network Performance Monitor is prone to multiple SQL Injection vulnerabilities. Vulnerability Insight: On both the GetAccounts and GetAccountGroups endpoints, the 'sort' and 'dir' parameters are susceptible to boolean-/time-based, and stacked injections. The attacker has to be authenticated but it can be even exploited under a guest account. Vulnerability Impact: An authenticated attacker might execute arbitrary SQL commands to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: SolarWinds NPM 11.4 and previous. Solution: Upgrade to SolarWinds NPM 11.5 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9566 http://www.exploit-db.com/exploits/36262 http://seclists.org/fulldisclosure/2015/Mar/18 http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html https://github.com/rapid7/metasploit-framework/pull/4836 http://osvdb.org/show/osvdb/118746
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.