ID de Prueba:	1.3.6.1.4.1.25623.1.0.105971
Categoría:	Web application abuses
Título:	SolarWinds VoIP and Network Quality Manager (VNQM) < 4.2 Multiple SQLi Vulnerabilities
Resumen:	SolarWinds VoIP and Network Quality Manager (VNQM) is prone to; multiple SQL injection (SQLi) vulnerabilities.
Descripción:	Summary: SolarWinds VoIP and Network Quality Manager (VNQM) is prone to multiple SQL injection (SQLi) vulnerabilities. Vulnerability Insight: On both the GetAccounts and GetAccountGroups endpoints, the 'sort' and 'dir' parameters are susceptible to boolean-/time-based, and stacked injections. The attacker has to be authenticated but it can be even exploited under a guest account. Vulnerability Impact: An authenticated attacker might execute arbitrary SQL commands to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: SolarWinds VNQM version 4.1 and prior. Solution: Update to version 4.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9566 http://www.exploit-db.com/exploits/36262 http://seclists.org/fulldisclosure/2015/Mar/18 http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html https://github.com/rapid7/metasploit-framework/pull/4836 http://osvdb.org/show/osvdb/118746
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.