Synnefo Internet Management Software SQL Injection Vulnerability Allowing Unauthorized Database Access and OS Command Execution

Vulnerability

A SQL injection vulnerability has been identified in Synnefo Internet Management Software (IMS) versions through 2023. The issue arises from inadequate input validation in a specific API endpoint, which allows attackers to manipulate SQL queries by sending crafted input. Exploitation of this vulnerability could result in unauthorized access to database records with administrative privileges, potentially leading to further privilege escalation and the execution of arbitrary operating system commands.

Impact

Exploitation of this vulnerability could allow an attacker to access sensitive database records with administrative rights, escalate privileges, and execute arbitrary commands on the operating system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.8
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.