CVE-2023-34133

HIGH EXPLOITED NUCLEI

Sonicwall

Title source: metasploit

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Nuclei Templates (1)

SonicWall GMS and Analytics - SQL Injection

HIGHby theamanrawat

Shodan: http.favicon.hash:"-1381126564"

FOFA: icon_hash="-1381126564"

References (3)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

[Vendor Advisory] https://www.sonicwall.com/support/notices/230710150218060

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html

Scores

CVSS v3 7.5

EPSS 0.6627

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-16

CWE

CWE-89

Status published

Products (3)

sonicwall/analytics < 2.5.0.4-r7

sonicwall/global_management_system 9.3.2 (2 CPE variants)

sonicwall/global_management_system < 9.3.2

Published Jul 13, 2023

Tracked Since Feb 18, 2026