CVE-2023-50395 HIGH

CVE-2023-50395: SQL Injection Remote Code Execution Vulnerability

Vendor Solarwinds
Product SolarWinds Platform
Weakness CWE-89 · SQLi
Published February 6, 2024
Last update June 13, 2025
View on NVD All CVEs

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited

Key dates

02Disclosure timeline

February 6, 2024 CVE published
June 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-47766 Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated) CVE-2023-1454 jeecg-boot qurestSql sql injection CVE-2025-24906 SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA CVE-2025-34246 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction() CVE-2025-31564 WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.2.6 - SQL Injection vulnerability