CVE-2024-45850

Published Sep 12, 2024

Last updated 2 months ago

Overview

Description
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
Source
6f8de1f0-f67e-45a6-b68f-98777fdb759c
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-94
6f8de1f0-f67e-45a6-b68f-98777fdb759c
CWE-95

Social media

Hype score
Not currently trending

Configurations