CVE-2021-41262 HIGH

CVE-2021-41262: SQL Injection in Galette

Vendor Galette
Product galette
Weakness CWE-89 · SQLi
Published December 16, 2021
Last update August 4, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection by authenticated users holding the "member" privilege (hence PR:L in the CVSS vector: a low-privileged account is enough, and no user interaction is needed). Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds, so patching is the only remediation.
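The record does not say where in Galette the injection sits, so the following is an added illustration of the weakness class (CWE-89) only; it is not Galette's code, not the vulnerable query, and not an exploit for this CVE. It uses an in-memory SQLite table with constructed sample rows and hypothetical function names to show why a query assembled from a low-privileged user's input gives that user every row in the table, and how a bound parameter closes the hole.

```python
"""CWE-89 illustration (constructed example, not Galette code).

A low-privileged "member" is allowed to look up their own record by login.
lookup_vulnerable() pastes the login into the SQL text; lookup_hardened()
binds it as a parameter. The same attacker-supplied string yields every
member's data in the first case and nothing in the second.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a toy members table with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members ("
        "id INTEGER PRIMARY KEY, login TEXT, email TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO members (login, email, is_admin) VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.org", 1),
            ("bob", "bob@example.org", 0),
            ("carol", "carol@example.org", 0),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, login: str) -> list:
    """Vulnerable pattern: user input becomes part of the SQL statement,
    so quotes, OR clauses, UNIONs and comments in the input are executed."""
    sql = "SELECT login, email FROM members WHERE login = '" + login + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, login: str) -> list:
    """Hardened pattern: the value is bound as a parameter and can only ever
    be compared as data, never parsed as SQL."""
    sql = "SELECT login, email FROM members WHERE login = ?"
    return conn.execute(sql, (login,)).fetchall()


# Constructed payloads a "member" could submit in the login field.
PAYLOAD_TAUTOLOGY = "x' OR '1'='1"
# UNION pulls a column the query never meant to expose; "--" drops the
# trailing quote the application appends.
PAYLOAD_UNION = "x' UNION SELECT login, is_admin FROM members --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology:", lookup_vulnerable(db, PAYLOAD_TAUTOLOGY))
    print("vulnerable, union:    ", lookup_vulnerable(db, PAYLOAD_UNION))
    print("hardened, tautology:  ", lookup_hardened(db, PAYLOAD_TAUTOLOGY))
    print("hardened, union:      ", lookup_hardened(db, PAYLOAD_UNION))
```

The tautology payload turns a one-row lookup into a dump of every member's e-mail address, and the UNION payload reads a column (is_admin) the original query never selected; both map to the C:H impact in the vector. With the bound parameter the same strings simply match no login. The fix is the same in any language: never concatenate untrusted input into SQL, bind it.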

Key dates

Disclosure timeline

December 16, 2021 CVE published
August 4, 2024 Record updated