The host is installed with Ipswitch WhatsUp Gold 15.02 and is prone to SQL injection vulnerability. A flaw is present in the application, which fails to handle a specially-crafted SQL statements to the WrVMwareHostList.asp script using the sGroupList parameter. Successful exploitation allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.