CVE-2024-12745

HIGH Year: 2024
CVSS v3 Score
8.0
High
Weakness Type
CWE-89
View all →

Vulnerability Description

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.

Related Vulnerabilities

CVE-2015-10038

HIGH
CVSS:8.0(High)

A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 28...

CWE-892015

CVE-2015-10039

HIGH
CVSS:8.0(High)

A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulat...

CWE-892015

CVE-2015-8356

HIGH
CVSS:8.0(High)

Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admi...

CWE-892015

CVE-2018-16850

HIGH
CVSS:8.0(High)

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can caus...

CWE-892018

CVE-2020-10802

HIGH
CVSS:8.0(High)

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search acti...

CWE-892020

CVE-2020-10804

HIGH
CVSS:8.0(High)

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/User...

CWE-892020