CVE-2023-3864 HIGH

CVE-2023-3864: SQL injection vulnerability in Snow License Manager

Vendor Snow Software

Product SLM

Weakness CWE-89 · SQLi

Published August 11, 2023

Last update October 9, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

Key dates

02Disclosure timeline

August 11, 2023 CVE published

October 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3864 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-12197 The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s CVE-2023-50844 WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection CVE-2024-56247 WordPress WP Post Author plugin <= 3.8.2 - SQL Injection vulnerability CVE-2025-1580 PHPGurukul Nipah Virus Testing Management System search-report-result.php sql injection CVE-2025-3096 Clinics Patient Management System SQL Injection