Description

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.

INFO

Published Date :

2024-11-12T15:45:51.312Z

Last Modified :

2024-11-14T16:31:36.386Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43415 vulnerability.

Vendors Products
Decidim International Community Environment
  • Decidim-module-decidim Awesome
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43415.

URL Resource
https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b cve-icon cve-icon
https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f cve-icon cve-icon
https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact