CVE-2023-40954
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 15, 2023
Updated: Dec 20, 2023
CWE ID 89
Summary
CVE-2023-40954 is a SQL injection vulnerability affecting multiple versions of Grzegorz Marczynski's Dynamic Progress Bar (web_progress) from v11.0 through v16.0.2.1. An attacker can exploit this issue by manipulating the recency parameter in models/web_progress.py, allowing them to inject malicious SQL code and potentially gain privileges. This flaw poses a significant risk, making it essential for users to update their web_progress package to a fixed version promptly.