CVE-2023-40954

Published Dec 15, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gmarczynski:dynamic_progress_bar:*:*:*:*:*:odoo:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531985A9-B207-4725-A508-655C123CF6E2",
            "versionEndIncluding": "11.0.2",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:gmarczynski:dynamic_progress_bar:*:*:*:*:*:odoo:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42FC7AF6-AE47-4E22-9B09-676E195138D5",
            "versionEndIncluding": "12.0.2",
            "versionStartIncluding": "12.0"
          },
          {
            "criteria": "cpe:2.3:a:gmarczynski:dynamic_progress_bar:*:*:*:*:*:odoo:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17D1D5E9-5642-40EE-B479-9B784BE3F165",
            "versionEndIncluding": "13.0.2",
            "versionStartIncluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:a:gmarczynski:dynamic_progress_bar:*:*:*:*:*:odoo:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E0D60DD-2F14-408E-9046-E7F1628480D8",
            "versionEndIncluding": "14.0.2.1",
            "versionStartIncluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:a:gmarczynski:dynamic_progress_bar:*:*:*:*:*:odoo:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDE686CC-6D2E-4987-B730-396C326D0442",
            "versionEndIncluding": "15.0.2",
            "versionStartIncluding": "15.0"
          },
          {
            "criteria": "cpe:2.3:a:gmarczynski:dynamic_progress_bar:*:*:*:*:*:odoo:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C6442BB-E4BD-4909-9A0D-DCA9C2C8881C",
            "versionEndIncluding": "16.0.2.1",
            "versionStartIncluding": "16.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References