Phone Get Quote
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Security Updates

Multiple Authenticated SQL Injection Vulnerabilities fixed in ADAudit Plus build 7271

Severity: High

CVE ID: CVE-2024-0253, CVE-2024-0269, CVE-2023-49334, CVE-2023-49330, CVE-2023-49333, CVE-2023-49332, CVE-2023-49331, CVE-2023-49335, CVE-2023-48793, CVE-2023-48792

Affected Software Version(s): All ADAudit Plus builds below 7271

Fixed Version: Build 7271

Fixed on: January 12, 2024

Details: Multiple authenticated SQL injection vulnerabilities in ADAudit Plus Dashboard's Graphical and Summary views, Summary Report exports, and file server configuration have been fixed.

Impact: These vulnerabilities can allow an authenticated adversary to execute custom queries and access the database table entries using the vulnerable request.

Steps to Upgrade: Update your ADAudit Plus instance to the latest build — 7271 — using the service pack.

Acknowledgments: These issues were reported by Nhien Pham (aka nhienit) from bl4ckh0l3 team at GalaxyOne and minhgalaxy.

Reporters Reported CVEs
Nhien Pham (aka nhienit) from bl4ckh0l3 team at GalaxyOne CVE-2023-48792, CVE-2023-48793, CVE-2023-49335
minhgalaxy CVE-2023-49330, CVE-2023-49331, CVE-2023-49332, CVE-2023-49333, CVE-2023-49334, CVE-2024-0253, CVE-2024-0269

Please contact for more details.

ADAudit Plus Trusted By