CVE-2023-37777

Published: Jan 22, 2025

Modified: Jan 31, 2025

PUBLISHED

Description

A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation could lead to unauthorized access to database records with DB administrator privileges which can be leveraged to escalate privileges further and execute arbitrary OS commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://synnefoims.com/

https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-internet-service-providers-software-56c6cc00f338

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-37777

Description

Affected Products

References