CVE-2023-41262

CRITICAL

Plixer Scrutinizer <19.3.1 - SQL Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0070
EPSS Percentile 48.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
plixer/scrutinizer < 19.3.1
Published Oct 12, 2023
Tracked Since Feb 18, 2026