2 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the adminroleactions method of the papertrailversion.rb file. An attacker can manipulate SQL queries to disclose sensitive information, read and write files, or execute commands. Remediation Upgrade...
GHSA-CXWF-QC32-375F Decidim-Awesome has SQL injection in AdminAccountability
Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...