CVE-2023-40957

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

Sql injection

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

Sql injection

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...

Sql injection

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

Didotech srl Engineering & Lifecycle Management SQL Injection Vulnerability

Didotech srl Engineering & Lifecycle Management is a suite of open source commercial applications from Didotech srl. A security vulnerability exists in Didotech srl Engineering & Lifecycle Management aka pdm versions prior to 14.0.1.0.0, prior to 15.0.1.0.0, and prior to 16.0.1.0, which originate...

CVE-2023-40957

The CVE-2023-40957 issue affects Didotech srl Engineering & Lifecycle Management (pdm) versions 14.0–16.0. The root cause is a SQL injection vulnerability in the models/base_client.py component, which could allow a remote authenticated attacker to execute arbitrary code via the request parameter....

CVE-2023-40958

Summary: CVE-2023-40958 affects Didotech srl Engineering & Lifecycle Management (pdm) versions 14.0, 15.0, and 16.0. An SQL injection via the query parameter in models/base_client.py allows a remote authenticated attacker to execute arbitrary code. This vulnerability is fixed in pdm-14.0.1.0.0, p...

CVE-2023-40957

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

CVE-2023-40958

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/baseclient.py component...

CVE-2023-40955

CVE-2023-40955 affects Didotech srl Engineering & Lifecycle Management (aka pdm) versions 14.0, 15.0 and 16.0. A SQL injection vulnerability in the application allows a remote authenticated attacker to execute arbitrary code through the select parameter in the models/base_client.py component. Pat...

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

CVE-2023-40957

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...