Vulnerability Details CVE-2023-40958
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-40958
-
cpe:2.3:a:didotech:engineering_&_lifecycle_management:14.0
-
cpe:2.3:a:didotech:engineering_&_lifecycle_management:15.0
-
cpe:2.3:a:didotech:engineering_&_lifecycle_management:16.0