N/A

SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).

N/A

N/A

Ipswitch WhatsUp Professional 'login.asp' SQL注入漏洞

WhatsUp Professional是中小企业的网络管理解决方案。 远程利用IpSwitch的WhatsUp Professional 2005 Service Pack 1中的SQL注入漏洞可能允许远程攻击者获得管理访问。 WhatsUp Professional基于Web的前端的主登陆屏没有正确的验证输入，这就可能导致SQL注入攻击。攻击者可以在默认的登陆页面中通过User Name和Password字段提交SQL命令。

N/A

N/A