Description
Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability that might be exploited by an authenticated remote attacker. This issue was fixed in version 18.1.376.37 of the software.
References (2)
Various Sources (third-party-advisory): https://cert.pl/en/posts/2025/03/CVE-2024-7407/
Various Sources (product): https://www.streamsoft.pl/streamsoft-prestiz/
Scores
CVSS v4: 8.6
EPSS: 0.0040
EPSS Percentile: 31.8%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (1): Streamsoft/Streamsoft Prestiż < 18.1.376.37
Published: Mar 28, 2025
Tracked Since: Feb 18, 2026