CVE-2023-48050

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
camsbiometricszkteco\,_essl\,_cams_biometrics_integration_module
13.0 ≤
𝑥
≤ 16.0.1
odoobiometric_attendance
13.0 ≤
𝑥
≤ 16.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance
https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance