This Metasploit module exploits a stacked SQL injection in order to add an administrator user to the SolarWinds Orion database.
093acbf207ec9ea4bf6637a74dfccd18178c65093dbf4078f9c5d6f9416237f6
Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP
40f0cfd35789791a3221e29e1e315107c0ccf98e5d5f17f0defa24fafd955c3f