CVE-2024-11504

Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2025/03/CVE-2024-7407/
https://www.streamsoft.pl/streamsoft-prestiz/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La entrada de varios campos en Streamsoft Presti? no se desinfecta correctamente, lo que genera una vulnerabilidad de inyección SQL que un atacante remoto autenticado podría explotar. Este problema se solucionó en la versión 18.1.376.37 del software.

28 Mar 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-28 13:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-11504

Mitre link : CVE-2024-11504

CVE.ORG link : CVE-2024-11504

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-11504", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-28T13:15:39.663", "references": [{"url": "https://cert.pl/en/posts/2025/03/CVE-2024-7407/", "source": "cvd@cert.pl"}, {"url": "https://www.streamsoft.pl/streamsoft-prestiz/", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Input from multiple fields in\u00a0Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.\u00a0\nThis issue was fixed in\u00a018.1.376.37 version of the software."}, {"lang": "es", "value": "La entrada de varios campos en Streamsoft Presti? no se desinfecta correctamente, lo que genera una vulnerabilidad de inyecci\u00f3n SQL que un atacante remoto autenticado podr\u00eda explotar. Este problema se solucion\u00f3 en la versi\u00f3n 18.1.376.37 del software."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cvd@cert.pl"}