VDB

GCVE-110-MAGEIA-2024-120

GCVE-110-MAGEIA-2024-120
Advisory Published
Vulnetix · Advisory published April 11, 2024
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. (CVE-2024-1597)

Affected Products

VendorProductVersionsPlatforms
Mageianextcloud-client0 (affected), 3.12.3-1.mga9 (unaffected)
Mageiapostgresql-jdbc0 (affected), 42.5.6-1.mga9 (unaffected), 0 (affected), 42.5.6-1.mga9 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›