CVE-2018-5778: SQL Injection
First published: Wed Jan 24 2018(Updated: )
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch WhatsUp Gold | <17.1.1 | |
| Progress WhatsUp Gold | <17.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-5778?
CVE-2018-5778 is a vulnerability in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1) that allows attackers to execute arbitrary SQL commands.
How severe is CVE-2018-5778?
CVE-2018-5778 has a severity rating of 9.8 (critical).
What software is affected by CVE-2018-5778?
Ipswitch WhatsUp Gold versions up to and excluding 17.1.1 are affected by CVE-2018-5778.
How can the SQL injection vulnerabilities be exploited?
The SQL injection vulnerabilities in Ipswitch WhatsUp Gold can be exploited by attackers using unspecified vectors to execute arbitrary SQL commands.
Is there a fix available for CVE-2018-5778?
To fix CVE-2018-5778, upgrade to Ipswitch WhatsUp Gold 2017 Plus SP1 (17.1.1) or a later version.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/ipswitch
- canonical/ipswitch whatsup gold
- vendor/progress
- canonical/progress whatsup gold