6 matches found
CVE-2024-43468
CVE-2024-43468 is an unauthenticated SQL injection vulnerability in Microsoft Configuration Manager (ConfigMgr / SCCM) that can lead to remote code execution. Public exploit scripts (e.g., from Synacktiv) demonstrate SQL injections against the site database with MP_Location service that processes...
CVE-2025-47178
CVE-2025-47178 is a Microsoft Configuration Manager remote code execution vulnerability caused by improper neutralization of SQL input (SQL injection). The flaw could enable an authorized attacker with low privileges to execute arbitrary code on an adjacent network, potentially affecting Microsof...
CVE-2025-59213
The CVE-2025-59213 issue affects Microsoft Endpoint Configuration Manager / Configuration Manager (System Center Configuration Manager). The vulnerability is described as improper neutralization of special elements used in an SQL command (SQL injection) that can allow an attacker to elevate privi...
CVE-2025-59501
CVE-2025-59501 is a confirmed spoofing/authentication-bypass vulnerability in Microsoft Configuration Manager (aka Configuration Manager/Endpoint Configuration Manager). Descriptions across Red Hat, NVD, and Microsoft-related sources indicate an attacker with adjacent access could spoof identity ...
CVE-2025-47179
Summary : CVE-2025-47179 is an elevation-of-privilege vulnerability in Microsoft Configuration Manager (aka Microsoft Endpoint/Configuration Manager). The issue arises from improper access control, enabling an authorized attacker to elevate privileges locally. The provided documents indicate a lo...
CVE-2025-55320
The CVE-2025-55320 case is a SQL injection–based Elevation of Privilege vulnerability in Microsoft Endpoint Configuration Manager / Configuration Manager. The issue arises from improper neutralization of special elements in SQL commands, enabling an authorized attacker to elevate privileges on a ...