Critical severity9.8NVD Advisory· Published Dec 20, 2017· Updated May 13, 2026

CVE-2012-2576

Description

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

Affected products

SolarWinds/Backup Profiler
cpe:2.3:a:solarwinds:backup_profiler:*:*:*:*:*:*:*:*
Range: <5.1.2
SolarWinds/Storage Manager
cpe:2.3:a:solarwinds:storage_manager:*:*:*:*:*:*:*:*
Range: <5.1.2
SolarWinds/Storage Profiler
cpe:2.3:a:solarwinds:storage_profiler:*:*:*:*:*:*:*:*
Range: <5.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/18818nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/18833nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/51639nvdThird Party AdvisoryVDB Entry
www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htmnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/72680nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.033
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000