← Back to CVE List

CVE-2020-27869

Published: 2021-02-12T00:15Z
Last Modified: 2024-11-21T05:21Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt