Home > Vulnerability Database > CVE-2023-40954

Mend.io Vulnerability Database

CVE-2023-40954

Good to know:

Date: December 14, 2023

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.

Language: Python

Severity Score

9.8

Related Resources (4)

Url: https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40954

Url: https://github.com/gmarczynski/odoo-web-progress/commit/3c867f1cf7447449c81b1aa24ebb1f7ae757489f

Url: https://www.mend.io/vulnerability-database/CVE-2023-40954

Severity Score

9.8

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version v11.2.2,v12.2.2,v13.2.2,v14.2.2,v15.2.2,v16.2.2

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40954

Good to know:

Date: December 14, 2023

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?