{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11504", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-11-20T18:47:35.492Z", "datePublished": "2025-03-28T12:54:11.472Z", "dateUpdated": "2025-03-28T13:41:20.694Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Streamsoft Presti\u017c", "vendor": "Streamsoft", "versions": [{"lessThan": "18.1.376.37", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kamil D\u0105bkowski"}], "datePublic": "2025-03-28T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Input from multiple fields in&nbsp;</span>Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.&nbsp;<br>This issue was fixed in&nbsp;18.1.376.37 version of the software."}], "value": "Input from multiple fields in\u00a0Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.\u00a0\nThis issue was fixed in\u00a018.1.376.37 version of the software."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-03-28T12:54:11.472Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2025/03/CVE-2024-7407/"}, {"tags": ["product"], "url": "https://www.streamsoft.pl/streamsoft-prestiz/"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL Injection in Streamsoft Presti\u017c", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T13:41:12.398117Z", "id": "CVE-2024-11504", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T13:41:20.694Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11504", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-28T13:41:12.398117Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T13:41:16.370Z"}}], "cna": {"title": "SQL Injection in Streamsoft Presti\u017c", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Kamil D\u0105bkowski"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Streamsoft", "product": "Streamsoft Presti\u017c", "versions": [{"status": "affected", "version": "0", "lessThan": "18.1.376.37", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-03-28T11:00:00.000Z", "references": [{"url": "https://cert.pl/en/posts/2025/03/CVE-2024-7407/", "tags": ["third-party-advisory"]}, {"url": "https://www.streamsoft.pl/streamsoft-prestiz/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Input from multiple fields in\u00a0Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.\u00a0\nThis issue was fixed in\u00a018.1.376.37 version of the software.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Input from multiple fields in&nbsp;</span>Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.&nbsp;<br>This issue was fixed in&nbsp;18.1.376.37 version of the software.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-03-28T12:54:11.472Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11504", "state": "PUBLISHED", "dateUpdated": "2025-03-28T13:41:20.694Z", "dateReserved": "2024-11-20T18:47:35.492Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2025-03-28T12:54:11.472Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Input from multiple fields in\u00a0Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.\u00a0\nThis issue was fixed in\u00a018.1.376.37 version of the software."}, {"lang": "es", "value": "La entrada de varios campos en Streamsoft Presti? no se desinfecta correctamente, lo que genera una vulnerabilidad de inyecci\u00f3n SQL que un atacante remoto autenticado podr\u00eda explotar. Este problema se solucion\u00f3 en la versi\u00f3n 18.1.376.37 del software."}], "id": "CVE-2024-11504", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2025-03-28T13:15:39.663", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2025/03/CVE-2024-7407/"}, {"source": "cvd@cert.pl", "url": "https://www.streamsoft.pl/streamsoft-prestiz/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cvd@cert.pl", "type": "Secondary"}]}

{}

{}