CVE-2024-11837

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:plextrac:plextrac:*:*:*:*:*:*:*:*

History

01 Oct 2025, 18:28

Type	Values Removed	Values Added
References	~~() https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 -~~	() https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 - Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:plextrac:plextrac::::::::
First Time		Plextrac plextrac Plextrac
Summary		(es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando N1QL ('Inyección N1QL') en PlexTrac permite la inyección N1QL. Este problema afecta a PlexTrac: desde 1.61.3 hasta 2.8.1.

13 Dec 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-13 06:15

Updated : 2025-10-01 18:28

NVD link : CVE-2024-11837

Mitre link : CVE-2024-11837

CVE.ORG link : CVE-2024-11837

JSON object : View

Products Affected

plextrac

plextrac

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-11837", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-13T06:15:25.940", "references": [{"url": "https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0", "tags": ["Release Notes"], "source": "5fea7123-217b-4b2d-ada8-8892719b43cd"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "5fea7123-217b-4b2d-ada8-8892719b43cd", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac\u00a0 allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando N1QL ('Inyecci\u00f3n N1QL') en PlexTrac permite la inyecci\u00f3n N1QL. Este problema afecta a PlexTrac: desde 1.61.3 hasta 2.8.1."}], "lastModified": "2025-10-01T18:28:11.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plextrac:plextrac:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68B04114-8689-4799-883E-1B531CD5327A", "versionEndExcluding": "2.8.1", "versionStartIncluding": "1.61.3"}], "operator": "OR"}]}], "sourceIdentifier": "5fea7123-217b-4b2d-ada8-8892719b43cd"}