CVE-2024-34534

Name of the Vulnerable Software and Affected Versions Cybrosys Techno Solutions Text Commander module (aka text commander) versions 16.0 through 16.0.1

Description A SQL injection vulnerability in the Text Commander module allows a remote attacker to gain privileges via the data parameter to models/ir model.py:IrModel::chech model. This issue enables an attacker to potentially exploit the system.

Recommendations For versions 16.0 through 16.0.1, consider disabling the chech model function in models/ir model.py as a temporary workaround to minimize the risk of exploitation. Restrict access to the data parameter in the affected module to reduce the attack surface.