vendor:
WhatsUp Professional
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File-Include, Information-Disclosure, Source-Code Disclosure, Cross-Site Scripting, and Input-Validation Vulnerabilities
20
CWE
Product Name: WhatsUp Professional
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
WhatsUp Professional Multiple Input-Validation Vulnerabilities
WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to access or modify data, steal cookie-based authentication credentials, perform username-enumeration, access sensitive information, and gain unauthorized access to script source code. Other attacks are also possible.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to execute unintended commands or access data without proper authorization.
