SQL Injection Remote Code Execution Vulnerability 

(CVE-2023-50395)

Download PDF

Summary

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited and has not been reported outside of the initial report by the researcher.

Affected Products

  • 2023.4.2 and previous versions

Fixed Software Release

Acknowledgments

  • Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-50395

First Published

02/06/2024

Last Published

02/06/2024

Fixed Version

SolarWinds Platform 2024.1

CVSS Score

CVSS:3.1AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H