CVE-2012-2576 – SolarWinds Storage Manager 5.1.0 - Remote SYSTEM SQL Injection

https://notcve.org/view.php?id=CVE-2012-2576

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. Vulnerabilidad de inyección SQL en la página LoginServlet en SolarWinds Storage Manager en versiones anteriores a la 5.1.2, SolarWinds Storage Profiler en versiones anteriores a la 5.1.2 y SolarWinds Backup Profiler en versiones anteriores a la 5.1.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el campo loginName. • https://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18833 http://www.securityfocus.com/bid/51639 http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/72680 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •