SQL Injection Vulnerability in Devolutions Server by Devolutions
CVE-2023-0953
8.8HIGH
What is CVE-2023-0953?
A vulnerability exists in the documentation feature of Devolutions Server versions 2022.3.12 and earlier due to insufficient input sanitization. This weakness allows authenticated attackers to exploit SQL Injection techniques, potentially gaining unauthorized access to sensitive system resources and compromising system integrity. Organizations are advised to review their security protocols and apply necessary updates to safeguard against this vulnerability.
Affected Version(s)
Devolutions Server 0 <= 2022.3.12
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved