SQL Injection Remote Code Execution Vulnerability (CVE-2023-35188)

Summary

SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited and has not been reported outside of the initial report by the researcher.

Affected Products

  • 2023.4.2 and previous versions

Fixed Software Release

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
High
Advisory ID

CVE-2023-35188

First Published
02/06/2024
Last Updated
02/06/2024
Fixed Version

SolarWinds Platform 2024.1

CVSS Score

CVSS:3.1AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download PDF
Send an Email