VDB
GCVE-110-MAGEIA-2024-120
GCVE-110-MAGEIA-2024-120
Advisory Published
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if
using PreferQueryMode=SIMPLE. Note this is not the default. In the
default mode there is no vulnerability. A placeholder for a numeric
value must be immediately preceded by a minus. There must be a second
placeholder for a string value after the first placeholder; both must be
on the same line. By constructing a matching string payload, the
attacker can inject SQL to alter the query,bypassing the protections
that parameterized queries bring against SQL Injection attacks.
(CVE-2024-1597)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nextcloud-client | 0 (affected), 3.12.3-1.mga9 (unaffected) | — |
| Mageia | postgresql-jdbc | 0 (affected), 42.5.6-1.mga9 (unaffected), 0 (affected), 42.5.6-1.mga9 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.