CVE-2023-22378 HIGH

CVE-2023-22378: Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

Vendor Nozomi Networks
Product Guardian
Weakness CWE-89 · SQLi
Published August 9, 2023
Last update September 20, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.

Key dates

02Disclosure timeline

August 9, 2023 CVE published
September 20, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12270 Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection CVE-2024-10432 Project Worlds Simple Web-Based Chat Application index.php sql injection CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities CVE-2025-9507 itsourcecode Apartment Management System visitor_info.php sql injection CVE-2025-9739 Campcodes Online Water Billing System process.php sql injection