SQL Injection Remote Code Execution Vulnerability
(CVE-2023-35188)
Summary
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited and has not been reported outside of the initial report by the researcher.
Affected Products
- 2023.4.2 and previous versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
8.0 High
Advisory ID
First Published
02/06/2024
Last Updated
02/06/2024