CVE-2023-2567 in Guardian and CMCinformation

Résumé

par MITRE • 19/09/2023

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Réserver

08/05/2023

Divulgation

19/09/2023

Modérer

accepté

Entrée

VDB-239935

CPE

prêt

EPSS

0.00504

KEV

non

Activités

très faible

Sources

Interested in the pricing of exploits?

See the underground prices here!