CVE-2023-50395

HIGH

SolarWinds Platform < 2024.1 - Authenticated SQL Injection and Remote Code Execution via Update Statement

Title source: llm
STIX 2.1

Description

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited

References (2)

Core 2

Scores

CVSS v3 8.0
EPSS 0.0100
EPSS Percentile 77.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
solarwinds/solarwinds_platform < 2024.1
Published Feb 06, 2024
Tracked Since Feb 18, 2026