CVE-2023-37777

Name of the Vulnerable Software and Affected Versions Synnefo Internet Management Software versions 2023 and earlier

Description A SQL injection issue exists due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation could lead to unauthorized access to database records with DB administrator privileges, which can be leveraged to escalate privileges further and execute arbitrary OS commands.

Recommendations For Synnefo Internet Management Software versions 2023 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable API endpoint to minimize the risk of exploitation. Avoid using crafted input in the affected parameter until the issue is resolved.