It has been reported that NetUp UTM may be prone to SQL injection attacks. The problem occurs because the program fails to sufficiently escape control characters when handling user-supplied input within a SELECT statement. As a result, an attacker may be capable of hijacking a user's session by supplying malicious SQL data within a request to the NetUp UTM web interface. This could be accomplished by including commands designed to escape the context of the expected data and influence the logic of the query. Successful exploitation of this issue could allow an attacker to gain access to the account of another user who has an active session. Other attacks may also be possible.
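The class of flaw described above, shown as an added example that is not NetUp UTM code: a session lookup that concatenates the request value into the SELECT text, beside a form that allow-lists the value and binds it as a parameter. The table, column and function names and the 32-hex-character session ID format are assumptions, and the sample rows are constructed.

```python
import re
import sqlite3

# Hypothetical schema and names; NetUp UTM's real tables are not on the page.
SID_FORMAT = re.compile(r"[0-9a-f]{32}")  # assumed session ID format


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, login TEXT, active INTEGER)")
    # Constructed sample rows: one active session, one expired.
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?)",
                   [("a" * 32, "alice", 1), ("b" * 32, "bob", 0)])
    return db


def lookup_unsafe(db, sid):
    """Weak form: the request value becomes part of the SELECT text."""
    query = "SELECT login FROM sessions WHERE active = 1 AND sid = '" + sid + "'"
    row = db.execute(query).fetchone()
    return row[0] if row else None


def lookup_safe(db, sid):
    """Hardened form: reject anything off-format, then bind the value as data."""
    if not isinstance(sid, str) or not SID_FORMAT.fullmatch(sid):
        return None
    row = db.execute(
        "SELECT login FROM sessions WHERE active = 1 AND sid = ?", (sid,)
    ).fetchone()
    return row[0] if row else None


def unsafe_query_breaks(db, sid):
    """True when the value left its string literal and the statement no longer parses."""
    try:
        lookup_unsafe(db, sid)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    stray_quote = "a" * 16 + "'" + "a" * 15  # constructed value with one quote
    print(lookup_safe(db, "a" * 32))             # valid active session
    print(unsafe_query_breaks(db, stray_quote))  # quote altered the query text
    print(lookup_safe(db, stray_quote))          # rejected before reaching SQL
```

A database parse error triggered by a single quote in a request field is also a useful signal to log and alert on, since it shows that input is reaching the query text unescaped.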