Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2024/11/12 7:52 p.m.19 views

Decidim-Awesome has SQL injection in AdminAccountability

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...

9CVSS9.3AI score0.0066EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/12 3:45 p.m.13 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...

9CVSS7.4AI score0.0066EPSS
Exploits0References3
CVE
CVE
added 2024/11/12 3:45 p.m.54 views

CVE-2024-43415

CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...

9CVSS9.3AI score0.0066EPSS
Exploits0References3
RubySec
RubySec
added 2024/11/12 12:0 a.m.16 views

Decidim-Awesome has SQL injection in AdminAccountability

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...

9CVSS8.6AI score0.0066EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.5 views

PT-2024-30573 · Unknown · Decidim Awesome-Module

Name of the Vulnerable Software and Affected Versions: decidim awesome-module versions 0.9.0 through 0.11.1 Description: An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidim awesome-module allows an authenticated admin user to...

9CVSS8.2AI score0.0066EPSS
Exploits0References11
Rows per page
Query Builder