PT-2024-7519 · Unknown · Python-Sql

Cédric Krier · Published 2024-09-24 · Updated 2025-02-07 · CVE-2024-9774

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions: python-sql (affected versions not specified)

Description: A vulnerability was found in python-sql where unary operators do not escape non-Expression, such as And and Or. This makes any system exposing those vulnerable to an SQL injection attack, allowing a remote attacker to execute arbitrary SQL code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: SQL injection

Related Identifiers

BDU:2024-08916
CVE-2024-9774
DLA-3932-1
DSA-5795-1
GHSA-PQ9P-PC3P-9HM4
OPENSUSE-SU-2024:0412-1
OPENSUSE-SU-2024:0413-1

Affected Products

Python-Sql