
ZDI-21-1601
Dec 23, 2021 - 12:00 a.m.

SolarWinds Network Performance Monitor Email Exposed Dangerous Function Privilege Escalation Vulnerability

2021-12-23 00:00:00
kpc
www.zerodayinitiative.com
6
solarwinds
network performance monitor
privilege escalation
email class
vulnerability
sql queries
user-supplied string
administrator

EPSS: 0.026 (percentile: 90.4%)

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the Email class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.
