CVE-2024-30923

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
Configurations

No configuration.

History

21 Nov 2024, 09:12

Type Values Removed Values Added
References () https://chocapikk.com/posts/2024/derbynet-vulnerabilities/ - () https://chocapikk.com/posts/2024/derbynet-vulnerabilities/ -

08 Aug 2024, 16:35

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

19 Apr 2024, 13:10

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en DerbyNet v9.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de la cláusula donde en Racer Document Rendering

18 Apr 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-18 21:15

Updated : 2024-11-21 09:12


NVD link : CVE-2024-30923

Mitre link : CVE-2024-30923

CVE.ORG link : CVE-2024-30923


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')