Sql injection

2023-12-1501:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

cams biometrics

zkteco

essl

integration module

hr attendance

odoo-biometric-attendance

remote attacker

arbitrary code

privileges

controllers.py

9.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.1%

JSON

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.

CPENameOperatorVersion
zkteco\\,_essl\\,_cams_biometrics_integration_modulege13.0
zkteco\\,_essl\\,_cams_biometrics_integration_modulele16.0.1
biometric_attendancege13.0
biometric_attendancele16.0.1

Name	Operator	Version
zkteco\\,_essl\\,_cams_biometrics_integration_module	ge	13.0
zkteco\\,_essl\\,_cams_biometrics_integration_module	le	16.0.1
biometric_attendance	ge	13.0
biometric_attendance	le	16.0.1

References

github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance