5 matches found

Snyk
added 2024/11/12 7:52 p.m. · 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection through the adminroleactions method of the papertrailversion.rb file. An attacker can manipulate SQL queries to disclose sensitive information, read and write files, or execute commands. Remediation: Upgrade...

CVSS 9.3 · AI score 7.8 · EPSS 0.0066
Exploits 0 · References 2

Vulnrichment
added 2024/11/12 3:45 p.m. · 13 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

CVSS 9 · AI score 7.4 · EPSS 0.0066
Exploits 0 · References 3

Cvelist
added 2024/11/12 3:45 p.m. · 14 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

CVSS 9 · EPSS 0.0066
Exploits 0 · References 3

RubySec
added 2024/11/12 12:0 a.m. · 15 views

Decidim-Awesome has SQL injection in AdminAccountability

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); Vendor: Decidim International Community Environment; Has vendor confirmed: Yes; Attack type: Remote; Impact: Code Execution, Escalation of Privileges, Information Disclosure; Affected component:...

CVSS 9 · AI score 8.6 · EPSS 0.0066
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-30573 · Unknown · Decidim Awesome-Module

Name of the Vulnerable Software and Affected Versions: decidim awesome-module versions 0.9.0 through 0.11.1
Description: An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidim awesome-module allows an authenticated admin user to...

CVSS 9 · AI score 8.2 · EPSS 0.0066
Exploits 0 · References 11