CVE-2024-50631

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_21", "name": "Synology-SA-24:21 Synology Drive Server (PWN2OWN 2024)", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-50631", "ASSIGNER": "security@synology.com"}}, "impact": {}, "publishedDate": "2025-03-19T06:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-19T06:15Z"}