Vulnerability CVE-2021-41262
Published: 2021-12-16

Description:
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.

Type:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Galette -> Galette 

 References:
https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3
https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74
Copyright 2024, cxsecurity.com

 

Back to Top