PT-2023-27717 · Grzegorz Marczynski · Dynamic Progress Bar

Published: 2023-12-15 · Updated: 2023-12-20 · CVE-2023-40954

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Grzegorz Marczynski Dynamic Progress Bar versions 11.0 through 11.0.2
- Grzegorz Marczynski Dynamic Progress Bar versions 12.0 through 12.0.2
- Grzegorz Marczynski Dynamic Progress Bar versions 13.0 through 13.0.2
- Grzegorz Marczynski Dynamic Progress Bar versions 14.0 through 14.0.2.1
- Grzegorz Marczynski Dynamic Progress Bar versions 15.0 through 15.0.2
- Grzegorz Marczynski Dynamic Progress Bar versions 16.0 through 16.0.2.1

Description

A SQL injection issue allows a remote attacker to gain privileges via the recency parameter in the models/web_progress.py component.

Recommendations

- For versions 11.0 through 11.0.2, update to a version outside of this range to resolve the issue.
- For versions 12.0 through 12.0.2, update to a version outside of this range to resolve the issue.
- For versions 13.0 through 13.0.2, update to a version outside of this range to resolve the issue.
- For versions 14.0 through 14.0.2.1, update to a version outside of this range to resolve the issue.
- For versions 15.0 through 15.0.2, update to a version outside of this range to resolve the issue.
- For versions 16.0 through 16.0.2.1, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting access to the recency parameter in the models/web_progress.py component until a patch is available.
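The advisory names the vulnerability class (SQL injection through a request parameter) but does not reproduce the affected code. The following is an added illustration of that class and its fix, written for this page; it is not the module's own code, and the table name, column names, `NOW` epoch value and sample rows are constructed assumptions. The point it shows is that a parameter reaching the database by string interpolation changes the query's meaning when it is not a plain number, while a validated and bound parameter cannot.

```python
import sqlite3

# Constructed in-memory stand-in for a progress-record table (assumption: the
# real schema of the module is not given in the advisory). sqlite3 is used so the
# example runs offline; the same bind-parameter idea applies to psycopg2/Odoo's cr.execute.
ROWS = [
    (1, "job-a", 100),  # ts: seconds on an arbitrary constructed clock
    (2, "job-b", 500),
    (3, "job-c", 950),
]
NOW = 1000  # constructed "current time" on the same clock


def make_db():
    """Build the sample table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE web_progress (id INTEGER, code TEXT, ts INTEGER)")
    conn.executemany("INSERT INTO web_progress VALUES (?, ?, ?)", ROWS)
    return conn


def recent_unsafe(conn, recency):
    """Vulnerable pattern: the request value is pasted into the SQL text.

    `recency` arrives as a string from the web layer. Anything that is not a bare
    number becomes part of the query and is executed as SQL.
    """
    sql = "SELECT id FROM web_progress WHERE ts >= %d - %s" % (NOW, recency)
    return [row[0] for row in conn.execute(sql)]


def parse_recency(raw):
    """Validate the request value before it goes anywhere near SQL.

    Accepts only a non-negative integer; anything else is rejected with ValueError,
    which the web layer should turn into a 4xx response.
    """
    if isinstance(raw, bool):  # bool is an int subclass; reject it explicitly
        raise ValueError("recency must be an integer")
    value = int(raw)  # raises ValueError for "100 OR 1=1", "abc", "" ...
    if value < 0:
        raise ValueError("recency must be non-negative")
    return value


def recent_safe(conn, recency):
    """Hardened form: validate, then bind the value as a query parameter.

    The placeholder means the driver sends the value as data; it can never be
    interpreted as SQL, so the WHERE clause keeps its intended meaning.
    """
    seconds = parse_recency(recency)
    sql = "SELECT id FROM web_progress WHERE ts >= ? - ?"
    return [row[0] for row in conn.execute(sql, (NOW, seconds))]


if __name__ == "__main__":
    db = make_db()
    print("unsafe, numeric:", recent_unsafe(db, "100"))      # only the recent row
    print("unsafe, crafted:", recent_unsafe(db, "100 OR 1=1"))  # filter defeated
    print("safe, numeric:  ", recent_safe(db, "100"))
    try:
        recent_safe(db, "100 OR 1=1")
    except ValueError as exc:
        print("safe, crafted:   rejected:", exc)
```

The `ts >= ? - ?` form keeps the arithmetic in SQL only to mirror the unsafe query line for line; in production code computing the cutoff in Python and binding a single value is equally fine. What matters for this advisory's class of bug is the combination of type validation and driver-level parameter binding, not the exact query shape.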

Exploit · Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2023-40954

Affected Products: Dynamic Progress Bar