SQL Injection Remote Code Execution Vulnerability
(CVE-2023-50395)
Summary
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited and has not been reported outside of the initial report by the researcher.
Affected Products
- 2023.4.2 and previous versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
8.0 High
Advisory ID
First Published
02/06/2024
Last Published
02/06/2024