CVE-2021-41262

high

Description

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.

References

Advisories

https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74

https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3

Details

Source: Mitre, NVD

Published: 2021-12-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00284