SQL Injection Vulnerabilities in Netsweeper before 2.6.29.10

SQL Injection Vulnerabilities in Netsweeper before 2.6.29.10

CVE-2014-9613 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.