Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
2025-07-08T17:15:36.937
2025-07-23T18:30:05.453
Analyzed
CVSSv3.1: 8.0 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | microsoft | configuration_manager_2503 | < 5.00.9135.1003 | Yes |