Skip to main content

Plextrac CVE-2024-11837

HIGH
SQL Injection (CWE-89)
2024-12-13 5fea7123-217b-4b2d-ada8-8892719b43cd
8.6
CVSS 4.0 · Vendor: 5fea7123-217b-4b2d-ada8-8892719b43cd
Share

Severity by source

Vendor (5fea7123-217b-4b2d-ada8-8892719b43cd) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red

Primary rating from Vendor (5fea7123-217b-4b2d-ada8-8892719b43cd) · only source for this CVE.

CVSS VectorVendor: 5fea7123-217b-4b2d-ada8-8892719b43cd

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

1
CVE Published
Dec 13, 2024 - 06:15 cve.org
HIGH 8.6

DescriptionCVE.org

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac  allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

AnalysisAI

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.61.3 before 2.8.1. Affected products include: Plextrac. Version information: before 2.8.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2022-37144 HIGH
8.8 Sep 08

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. Rated high s

CVE-2024-11834 HIGH
8.9 Dec 13

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrar

CVE-2024-11833 HIGH
8.9 Dec 13

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrar

CVE-2024-12687 HIGH
8.6 Dec 16

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitra

CVE-2024-11839 HIGH
8.6 Dec 13

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitra

CVE-2024-11838 HIGH
8.6 Dec 13

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocument

CVE-2024-11836 HIGH
8.6 Dec 13

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.61.3 before

CVE-2022-37145 HIGH
7.5 Sep 08

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configure

CVE-2024-11835 HIGH
7.0 Dec 13

Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.61.3 before 2.8.1. Rated high severity

CVE-2022-37146 MEDIUM
5.3 Sep 08

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login a

Share

CVE-2024-11837 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy