Back to KEVs

CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 25, 2023
Published Date
July 13, 2023
Last Updated
April 23, 2025
Vendor
SonicWall
Product
GMS, Analytics
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Tags
edge

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Score
85.17% (Percentile: 99.30%) as of 2025-07-29

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-07-07 00:00:00 UTC) Source

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 https://www.sonicwall.com/support/notices/230710150218060 http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-07-08 12:01:28 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sonicwall_shell_injection_cve_2023_34124.rb 2025-04-29 11:01:23 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Metasploit

  • Added to KEVIntel