SQL Injection Vulnerability (CVE-2024-36516) fixed in ADAudit Plus build 8000

Vulnerability details
Severity	High
CVE ID	CVE-2024-36516
Affected Software Version(s)	All ADAudit Plus builds below 8000
Fixed Version	Build 8000
Fixed on	March 01, 2024

Details

An SQL injection vulnerability in ADAudit Plus' Dashboard has been fixed. This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

Impact

This vulnerability could allow an authenticated adversary to execute custom queries and access the database table entries using the vulnerable request.

Steps to upgrade

Update your ADAudit Plus instance to the latest build — 8000 — using the service pack.

Acknowledgements

This issue was reported by minhgalaxy.

Please contact support@adauditplus.com for more details.

Active Directory auditing

Windows file auditing

NAS device file auditing

Windows server auditing

Workstation auditing

Azure AD auditing

All features →

Help documents

Video zone

Webinars

Product brochures

Case studies

E-books

Awards zone

Study

How tos

Best practices

Security Updates

SQL Injection Vulnerability (CVE-2024-36516) fixed in ADAudit Plus build 8000

Details

Impact

Steps to upgrade

Acknowledgements

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

A single pane of glass for complete Active Directory Auditing and Reporting