Intrusion Prevention

IISProtect.GroupName.SQL.Injection

Description

It indicates a possible exploit of SQL Injection Vulnerability in iisProtect, a web interface for ISS server, that may allow an attacker to inject SQL and execute code on the vulnerable system via GroupName variable in SiteAdmin.ASP.

Affected Products

iisProtect 2.2 and iisProtect iisProtect 2.1

Impact

Gain Access to information in the backend database.

Recommended Actions

Upgrade iisProtect later than version 2.2.

CVE References

CVE-2003-0377