PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe

Published: 2024-05-06 · Updated: 2024-07-03 · CVE-2024-34532

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module, versions 17.x before 17.0.0.4

Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. Because the value of that parameter reaches the database without adequate restriction, an attacker can execute arbitrary SQL against the backing PostgreSQL database.

Recommendations: For versions 17.x before 17.0.0.4, update to version 17.0.0.4 or later to resolve the issue. Until the update is applied, restrict access to the QueryDeluxe module to trusted users and limit the input accepted for the query parameter.

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2024-34532

Affected Products: Postgresql Query Deluxe