CVE-2023-31450: 
PRTG Network Monitor vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2023-31450) was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions. The vulnerability affects the ADO SQL v2 sensor, Microsoft SQL v2 sensor, MySQL v2 sensor, and Oracle SQL v2 sensor. It was discovered and disclosed in August 2023, with a fix released in version 23.3.86.1520 (Vendor Advisory).

The vulnerability allows an authenticated user with write permissions to trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This behavior made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L (NVD).

The vulnerability can lead to unauthorized file access and execution outside of the intended custom sensors directory. The impact is considered medium with low confidentiality, integrity, and availability impacts, as indicated by the CVSS score (NVD).

The vulnerability has been fixed in PRTG version 23.3.86.1520. Users are recommended to update to this version or later through PRTG's Auto-Update feature to maintain the highest level of security (Vendor Advisory, Release Notes).