CVE-2024-34534

2024-05-0621:15:48

[email protected]

web.nvd.nist.gov

cybrosys techno solutions

sql injection

text commander

remote attacker

privileges

irmodel

cve-2024-34534

8.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.6%

JSON

A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.

References

github.com/luvsn/OdZoo/tree/main/exploits/text_commander