Intrusion Prevention

SolarWinds.Storage.Manager.Server.SQL.Injection

Description

This indicates an attack attempt to exploit a SQL Injection vulnerability in SolarWinds Storage Manager.
The vulnerability is a result of the application's failure to properly sanitize user input in the "loginName" field before using it in a SQL query. A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.

Affected Products

SolarWinds Storage Manager, powered by Profiler 5.12 and earlier versions
SolarWinds Storage Profiler 5.12 and earlier versions
SolarWinds Backup Profiler 5.12 and earlier versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2012-2576