CVE-2023-40955
CVE-2023-40955 affects Didotech srl Engineering & Lifecycle Management (aka pdm) versions 14.0, 15.0 and 16.0. A SQL injection vulnerability in the application allows a remote authenticated attacker to execute arbitrary code through the select parameter in the models/base_client.py component. Pat...
CVE-2023-40957
CVE-2023-40957 affects Didotech srl Engineering & Lifecycle Management (pdm) versions 14.0–16.0. The root cause is a SQL injection vulnerability in the models/base_client.py component, which could allow a remote authenticated attacker to execute arbitrary code via the request parameter....
CVE-2023-40958
Summary: CVE-2023-40958 affects Didotech srl Engineering & Lifecycle Management (pdm) versions 14.0, 15.0, and 16.0. An SQL injection via the query parameter in models/base_client.py allows a remote authenticated attacker to execute arbitrary code. This vulnerability is fixed in pdm-14.0.1.0.0, p...