SQL Injection Vulnerability in SolarWinds Network Performance Monitor
CVE-2018-13442
8.8HIGH
What is CVE-2018-13442?
The SolarWinds Network Performance Monitor 12.3 contains a vulnerability that allows for SQL Injection through the manipulation of parameters sent to the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames endpoint. This flaw could potentially allow an attacker to execute arbitrary SQL queries, leading to unauthorized access to sensitive data or alteration of database contents, posing significant risks to network integrity.