PT-2024-2256 · Microsoft · Django Backend For Sql Server
Federico Martinez
·
Published
2024-03-12
·
Updated
2024-12-06
·
CVE-2024-26164
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Django Backend for SQL Server (affected versions not specified)
Description
The issue is related to the failure to protect the SQL query structure when handling an unsanitized parameter, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted query.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Django Backend For Sql Server