Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior. |
Wed, 11 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-89 | |
Metrics |
cvssV3_1
|
Tue, 10 Dec 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-10T00:00:00
Updated: 2024-12-11T19:06:51.698415Z
Reserved: 2024-12-09T00:00:00
Link: CVE-2024-55586
Vulnrichment
Updated: 2024-12-11T15:23:55.394Z
NVD
Status : Received
Published: 2024-12-10T14:30:47.813
Modified: 2024-12-12T02:08:22.247
Link: CVE-2024-55586
Redhat
No data.