CVE-2024-11504

HIGH

Streamsoft Prestiż <18.1.376.37 - SQL Injection

Title source: llm

Description

Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability that might be exploited by an authenticated remote attacker. This issue was fixed in version 18.1.376.37 of the software.

References (2)

Core 2
Core References
Various Sources third-party-advisory
https://cert.pl/en/posts/2025/03/CVE-2024-7407/

Scores

CVSS v4 8.6
EPSS 0.0040
EPSS Percentile 31.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
Streamsoft/Streamsoft Prestiż < 18.1.376.37
Published Mar 28, 2025
Tracked Since Feb 18, 2026