PT-2023-20231 · Nozomi Networks · Nozomi Networks Guardian+1

Mostafa Soliman

Publicado

2023-09-19

Atualizado

2024-09-30

CVE-2023-2567

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nozomi Networks Guardian and CMC (affected versions not specified)

Description A SQL Injection issue has been found due to improper input validation in certain parameters used in the Query functionality. Authenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application, allowing them to extract arbitrary information from the DBMS in an uncontrolled way.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-2567

Produtos afetados

Nozomi Networks Cmc

Nozomi Networks Guardian

PT-2023-20231 · Nozomi Networks · Nozomi Networks Guardian+1

CVE-2023-2567

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9