CVE-2023-0953

HIGH

Devolutions Server < 2022.3.12 - Authenticated SQL Injection in Documentation Feature

Title source: llm
STIX 2.1

Description

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0103
EPSS Percentile 59.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
devolutions/devolutions_server < 2022.3.12
Published Mar 01, 2023
Tracked Since Feb 18, 2026