CVE-2023-35188 HIGH

CVE-2023-35188: SQL Injection Remote Code Execution Vulnerability

Vendor Solarwinds

Product SolarWinds Platform

Weakness CWE-89 · SQLi

Published February 6, 2024

Last update May 15, 2025

View on NVD All CVEs

CVSS base score

8.0/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.

Key dates

02Disclosure timeline

February 6, 2024 CVE published

May 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-35188

Related vulnerabilities

Identifiers

CVE CVE-2023-35188

CWE CWE-89

CVSS 8.0 / HIGH

Affected versions