2 matches found
CVE-2025-53922 Galette has access control bypass
Galette is a membership management web application for non-profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...
CVE-2025-53922
CVE-2025-53922 affects Galette, a membership management web app. From version 1.1.4 up to (but not including) 1.2.0, a user logged in as a group manager may bypass intended restrictions on the Contributions and Transactions features (an access-control bypass). The issue is fixed in version 1.2.0....