CVE-2024-43415

Published Nov 12, 2024

Last updated 4 days ago

CVSS critical 9.0

Overview

Description
An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-89

Social media

Hype score
Not currently trending

  1. RubySec ➜ CVE-2024-43415 (decidim-decidim_awesome): Decidim-Awesome has SQL injection in AdminAccountability https://t.co/tViguIpYrq

    @rubylandnews

    13 Nov 2024

    105 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-43415 An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module &lt;= v0.11.1 (&gt; 0.9.0) allows an au… https://t.co/2YosNRanKX

    @CVEnew

    12 Nov 2024

    247 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2024-43415: CRITICAL] Vulnerability in SQL command handling in Decidim module v0.11.1 allows admin user to manipulate queries, exposing data, reading/writing files or executing commands.#cybersecurity,#vulnerability https://t.co/FPWRUAz5Zc https://t.co/wLwH5kc4Db

    @CveFindCom

    12 Nov 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References