Direct Inward Dialing: +1 408 916 9892
Severity: High
CVE ID: CVE-2024-0253, CVE-2024-0269, CVE-2023-49334, CVE-2023-49330, CVE-2023-49333, CVE-2023-49332, CVE-2023-49331, CVE-2023-49335, CVE-2023-48793, CVE-2023-48792
Affected Software Version(s): All ADAudit Plus builds below 7271
Fixed Version: Build 7271
Fixed on: January 12, 2024
Details: Multiple authenticated SQL injection vulnerabilities in ADAudit Plus Dashboard's Graphical and Summary views, Summary Report exports, and file server configuration have been fixed.
Impact: These vulnerabilities can allow an authenticated adversary to execute custom queries and access the database table entries using the vulnerable request.
Steps to Upgrade: Update your ADAudit Plus instance to the latest build — 7271 — using the service pack.
Acknowledgments: These issues were reported by Nhien Pham (aka nhienit) from bl4ckh0l3 team at GalaxyOne and minhgalaxy.
| Reporters | Reported CVEs |
| Nhien Pham (aka nhienit) from bl4ckh0l3 team at GalaxyOne | CVE-2023-48792, CVE-2023-48793, CVE-2023-49335 |
| minhgalaxy | CVE-2023-49330, CVE-2023-49331, CVE-2023-49332, CVE-2023-49333, CVE-2023-49334, CVE-2024-0253, CVE-2024-0269 |
Please contact support@adauditplus.com for more details.
