CVE-2023-31450

Name of the Vulnerable Software and Affected Versions PRTG versions 23.2.84.1566 and earlier

Description A path traversal vulnerability was identified in the SQL v2 sensors where an authenticated user with write permissions could trick the sensors into behaving differently for existing and non-existing files, allowing the sensor to execute files outside the designated custom sensors folder. The vulnerability can be exploited by creating a SQL Sensor and setting the SQL message, which contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system and transmit them over the internet.

Recommendations For versions 23.2.84.1566 and earlier, consider disabling the SQL v2 sensors until a patch is available to prevent exploitation of the path traversal vulnerability. Restrict access to the SQL Sensor creation feature to minimize the risk of exploitation. Avoid using the SQL message input parameter in the SQL Sensor until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.