Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.
History

Wed, 11 Dec 2024 19:15:00 +0000

Type Values Removed Values Added
Description Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.

Wed, 11 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Dec 2024 14:00:00 +0000

Type Values Removed Values Added
Description Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-12-10T00:00:00

Updated: 2024-12-11T19:06:51.698415Z

Reserved: 2024-12-09T00:00:00

Link: CVE-2024-55586

cve-icon Vulnrichment

Updated: 2024-12-11T15:23:55.394Z

cve-icon NVD

Status : Received

Published: 2024-12-10T14:30:47.813

Modified: 2024-12-12T02:08:22.247

Link: CVE-2024-55586

cve-icon Redhat

No data.