Vulnerability Report

CVE-2012-2576

Title: Solarwinds Storage Manager Injection (SQLi/OSi)

SQLi

Proof Of Concept

PoC Available for CVE-2012-2576

CWE Category CWE-89

Published Date Dec 20, 2017

Modified Date May 13, 2026

Exploit Status Available

Score 9.8 CVSS v3.0

Exploit Probability (EPSS)

59.15%

Vulnerability Summary

CVE-2012-2576: SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

Impacted Vendors

solarwinds 3

qsan 1

Reference Links

http://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18833 http://www.securityfocus.com/bid/51639 http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/72680 http://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18833 http://www.securityfocus.com/bid/51639 http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/72680

CVSS v3.0

Source Entity [email protected]

Severity CRITICAL

9.8

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns