It has been reported that NetUp UTM may be prone to SQL injection attacks. The problem occurs due to the program failing to sufficiently escape control characters when handling user-supplied input used within various SQL queries. As a result, an attacker may be capable of modifying sensitive attributes of their user account. This may include current money balance and bill status. It may also be possible to influence the configuration behaviour of the server, potentially making it possible to execute arbitrary shell commands with 'nobody' privileges. This could be accomplished by including commands designed to escape the context of the expected data and influence the logic of the query.
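The root cause described above, shown as an added illustration that is not NetUp's code: an account lookup that splices the login into the SQL text (the flawed pattern) beside one that binds it as a parameter. The table, column names and SQLite in-memory database are constructed stand-ins; a login containing an ordinary apostrophe is enough to show that unescaped text reaches the query parser in the first form and stays inert data in the second.

```python
import sqlite3


def make_db():
    """Constructed stand-in for a billing user table (not NetUp's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (login TEXT PRIMARY KEY, balance REAL, blocked INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", 12.50, 0), ("bob", -3.00, 1)],
    )
    return conn


def lookup_unsafe(conn, login):
    """The flawed pattern: the caller-supplied value becomes part of the SQL
    text, so quote and control characters in it are interpreted as syntax."""
    sql = "SELECT balance, blocked FROM users WHERE login = '%s'" % login
    return conn.execute(sql).fetchall()


def lookup_safe(conn, login):
    """Hardened form: the driver binds the value separately from the query
    text, so it can never change the statement's structure."""
    sql = "SELECT balance, blocked FROM users WHERE login = ?"
    return conn.execute(sql, (login,)).fetchall()


def unsafe_breaks_on(conn, login):
    """True when the string-built query no longer parses for this login,
    i.e. the input has escaped the quoted context the author intended."""
    try:
        lookup_unsafe(conn, login)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    print("safe lookup:", lookup_safe(db, "o'neil"))        # treated as data
    print("unsafe breaks:", unsafe_breaks_on(db, "o'neil"))  # quote reached parser
```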