luvsn/OdZoo

GitHub

github.com

Releases0

Stars4

Exploits for vulnerabilities found in Odoo modules available on the Apps Store

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-34532 ↗	May 6, 2024Monday, 6 May 2024, 21:15	9.8 CRITICAL	—
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query.
CVE-2024-34533 ↗	May 6, 2024Monday, 6 May 2024, 21:15	7.3 HIGH	—
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute.
CVE-2024-34534 ↗	May 6, 2024Monday, 6 May 2024, 21:15	7.3 HIGH	—
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.
CVE-2023-48050 ↗	Dec 15, 2023Friday, 15 December 2023, 01:15	9.8 CRITICAL	—
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.
CVE-2023-40954 ↗	Dec 15, 2023Friday, 15 December 2023, 01:15	9.8 CRITICAL	—
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.
CVE-2023-48049 ↗	Dec 15, 2023Friday, 15 December 2023, 00:15	9.8 CRITICAL	—
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component.
CVE-2023-40955 ↗	Sep 15, 2023Friday, 15 September 2023, 00:15	8.8 HIGH	—
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.
CVE-2023-40956 ↗	Sep 15, 2023Friday, 15 September 2023, 00:15	8.8 HIGH	—
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.
CVE-2023-40957 ↗	Sep 15, 2023Friday, 15 September 2023, 00:15	8.8 HIGH	—
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component.
CVE-2023-40958 ↗	Sep 15, 2023Friday, 15 September 2023, 00:15	8.8 HIGH	—
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component.