PyPi: Mocodo

CVE-2024-35374

Safety vulnerability ID: 71899

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 24, 2024 Updated at Jun 16, 2025

Scan your Python projects for vulnerabilities →

Advisory

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.

Affected package

mocodo

Latest version: 4.3.2

Modélisation Conceptuelle de Données. Nickel. Ni souris.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-j6cv-98jx-mrwr
https://github.com/laowantong/mocodo/commit/f9368df28518b6c4a92fd207c260f1978ec34d6e
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35374

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application