First published: Wed Feb 22 2023
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <=2022.3.12 | |
The vulnerability ID for this Devolutions Server vulnerability is CVE-2023-0953.
The title of this Devolutions Server vulnerability is 'Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier'.
This Devolutions Server vulnerability allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
The severity of CVE-2023-0953 is high, with a CVSS score of 8.8.
To fix the CVE-2023-0953 vulnerability in Devolutions Server, update to version 2022.3.13 or later, which addresses the insufficient input sanitization issue.