cbcvebase.
CVE-2023-34133
published 2023-07-13

CVE-2023-34133: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated…

PriorityP182high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
77.03%
99.5th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Affected

6 ranges
VendorProductVersion rangeFixed in
sonicwallanalytics<= 2.5.0.4-r7
sonicwallanalytics
sonicwallglobal_management_system< 9.3.29.3.2
sonicwallglobal_management_system
sonicwallgms
sonicwallgms

Detection & IOCsextracted from sources · hover to see the quote

url/ws/msw/tenant/
command' union select (select ID from SGMSDB.DOMAINS), '', '', '', '', '', (select MD5({{num}})),'', '', '
  • The SQL injection payload targets the /ws/msw/tenant/ endpoint with a UNION-based injection against the SGMSDB.DOMAINS table. Detect unauthenticated GET requests to this path containing UNION SELECT or MD5 SQL keywords in the URL.
  • The vulnerability is exploitable unauthenticated and is chained with auth bypass and shell injection (CVE-2023-34124) to achieve RCE on SonicWall GMS <= 9.9.9320. Correlate exploitation attempts across these CVEs.
  • The SQL injection response can be matched by checking the HTTP response body for the MD5 hash of the injected numeric value (999999999), confirming successful UNION-based data extraction.
  • ·Affected versions are GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. The Metasploit module targets GMS versions <= 9.9.9320, suggesting a broader version range may be exploitable in chained attack scenarios.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.