SQL Injection Vulnerability in ZTE Mobile Internet Products Allows for Information Leak

SQL Injection Vulnerability in ZTE Mobile Internet Products Allows for Information Leak

CVE-2023-25651 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.