Lucene search
KpcZDI-21-1597HistoryDec 23, 2021 - 12:00 a.m.
SolarWinds Network Performance Monitor PlaySound Exposed Dangerous Function Privilege Escalation Vulnerability
2021-12-2300:00:00
kpc
www.zerodayinitiative.com
8
solarwinds
network performance monitor
playsound
privilege escalation
vulnerability
authentication
sql queries
application administrator
EPSS
0.026
Percentile
90.4%
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the PlaySound class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to escalate privileges to the level of an application administrator.
Related
zdi
zdi
prion
prion
Sql injection
2021-12-20 21:15:00
nessus
nessus
SolarWinds Orion Platform 2020.2.6 < 2020.2.6 HF3 SQLI
2021-12-20 00:00:00
nvd
nvd
CVE-2021-35234
2021-12-20 21:15:08
cve
cve
CVE-2021-35234
2021-12-20 21:15:08
cvelist
cvelist
CVE-2021-35234 Exposed Dangerous Functions - Privileged Escalation
2021-12-20 20:08:25