CVE-2023-40954

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40954
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40954.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40954
Published
2023-12-15T01:15:07Z
Modified
2025-01-15T04:57:24.619032Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka webprogress) v11.0 through v11.0.2, v12.0 through v12.0.2, v13.0 through v13.0.2, v14.0 through v14.0.2.1, v15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in the models/webprogress.py component.

References

Affected packages

Git / github.com/gmarczynski/odoo-web-progress

Affected ranges

Type
GIT
Repo
https://github.com/gmarczynski/odoo-web-progress
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

12.*

12.0.1.0

v11.*

v11.0.1.0
v11.0.1.1
v11.0.1.2

v12.*

v12.0.1.1
v12.0.1.2

v15.*

v15.20.0.1

v16.*

v16.2.1