CVE-2023-48050

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:camsbiometrics:zkteco\,_essl\,_cams_biometrics_integration_module:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:odoo:biometric_attendance:*:*:*:*:*:*:*:*
History

27 Dec 2023, 18:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:camsbiometrics:zkteco\,_essl\,_cams_biometrics_integration_module:*:*:*:*:*:*:*:*
cpe:2.3:a:odoo:biometric_attendance:*:*:*:*:*:*:*:*
CWE CWE-89
First Time Camsbiometrics
Odoo
Odoo biometric Attendance
Camsbiometrics zkteco\, Essl\, Cams Biometrics Integration Module
References () https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance - () https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance - Third Party Advisory

15 Dec 2023, 13:42

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (también conocido como odoo-biometric-attendance) v. 13.0 a 16.0.1 permite a un atacante remoto ejecutar código arbitrario y obtener privilegios a través del parámetro db en el componente controllers/controllers.py.

15 Dec 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-15 01:15

Updated : 2023-12-27 18:36

NVD link : CVE-2023-48050

Mitre link : CVE-2023-48050

CVE.ORG link : CVE-2023-48050

JSON object : View

Products Affected

odoo

  • biometric_attendance

camsbiometrics

  • zkteco\,_essl\,_cams_biometrics_integration_module
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')