SQL Injection Remote Code Execution Vulnerability 

(CVE-2023-35188)

Download PDF

Summary

SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited and has not been reported outside of the initial report by the researcher.

Affected Products

  • 2023.4.2 and previous versions

Fixed Software Release

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-35188

First Published

02/06/2024

Last Updated

02/06/2024

Fixed Version

SolarWinds Platform 2024.1

CVSS Score

CVSS:3.1AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H