What is CVE-2023-34133?

CVE-2023-34133 is a vulnerability in Sonicwall Analytics, classified under SQL Injection. Published 2023-07-13.

Is CVE-2023-34133 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Sonicwall Analytics

CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue…

Vulnerability class: SQL Injection

EPSS: 0.643 (98.5th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Analytics — versions 2.5.0.4-R7 and earlier versions
Sonicwall Gms — versions 9.3.2-SP1 and earlier versions

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection
nitish778191/fitness_

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 (vendor-advisory)
www.sonicwall.com/support/notices/230710150218060 (related)
packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Executi…

Frequently asked questions

What is CVE-2023-34133?: CVE-2023-34133 is a vulnerability in Sonicwall Analytics, classified under SQL Injection. Published 2023-07-13.
Is CVE-2023-34133 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.