Vulnerability Description
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. The vulnerability is caused by improper input validation of a specific API endpoint parameter, which allows an attacker to manipulate SQL queries via crafted input. Successful exploitation could lead to unauthorized access to database records with DB administrator privileges, which can be leveraged to escalate privileges further and execute arbitrary OS commands.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-inte
- https://synnefoims.com/
FAQ
What is CVE-2023-37777?
CVE-2023-37777 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint param...
How severe is CVE-2023-37777?
CVE-2023-37777 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-37777?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.