
CVE-2024-43415 decidim-decidim_awesome

Package

Manager: gem
Name: decidim-decidim_awesome
Vulnerable Version: >=0.9.1 <0.10.3 || >=0.11.0 <0.11.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P

EPSS: 0.00212 pctl0.43809

Details

Decidim-Awesome has SQL injection in AdminAccountability

## Vulnerability type

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

## Vendor

Decidim International Community Environment

### Has vendor confirmed

Yes

### Attack type

Remote

### Impact

Code Execution, Escalation of Privileges, Information Disclosure

### Affected component

A raw SQL statement that interpolates a variable directly into the query text exists in the `admin_role_actions` method of the papertrail version model (`app/models/decidim/decidim_awesome/paper_trail_version.rb`). Per the version range above, the fixed releases are 0.10.3 (0.10 line) and 0.11.2 (0.11 line).

### Attack vector

An attacker with admin permissions could manipulate database queries in order to read out the database, read files from the filesystem, and write files to the filesystem. In the worst case, this could lead to remote code execution on the server. The file and command primitives depend on the privileges granted to the application's database role (for example `COPY ... TO/FROM PROGRAM` on PostgreSQL, which Decidim uses, requires a superuser or the `pg_execute_server_program` role); reading and modifying the application's own tables needs no extra privilege. The CVSS vector's PR:H reflects that an admin account is required.

### Description of the vulnerability for use in the CVE ([ℹ](https://cveproject.github.io/docs/content/key-details-phrasing.pdf))

An improper neutralization of special elements used in an SQL command in the papertrail version model of the decidim_awesome module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files, or execute commands.

### Discoverer Credits

Wolfgang Hotwagner

### References

https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability/
https://portswigger.net/web-security/sql-injection
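The advisory names the bug class (a raw SQL fragment with an interpolated variable) but does not reproduce the query. The following Ruby example is added here and is not code from decidim-decidim_awesome or from the AIT advisory: it reconstructs the pattern with a hypothetical `admin_role_actions_sql_*` builder, a made-up `versions` table and `object_changes` column, and an assumed `role` argument, then shows two hardened forms. `bind_params` imitates ActiveRecord's `?` placeholder handling (quote the value, double embedded single quotes) so the example runs without Rails or a database; `sql_shape` strips string literals so two renderings can be compared structurally, which is the check a reviewer or a test would use to prove that user input can no longer change the statement.

```ruby
# Added example (not decidim_awesome code). Table, column, method and role
# names are assumptions for illustration only.

# --- Vulnerable pattern: caller-controlled value spliced into SQL text ---
def admin_role_actions_sql_vulnerable(role)
  "SELECT * FROM versions WHERE item_type = 'Decidim::UserRole' " \
    "AND object_changes LIKE '%role: #{role}%'"
end

# --- Hardened form 1: keep SQL text and values apart (ActiveRecord ? style) ---
# Mimics what ActiveRecord's sanitize_sql_array does for a ? placeholder:
# the value becomes a quoted literal with embedded single quotes doubled,
# so it can only ever be a string literal, never new SQL syntax.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

def bind_params(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder/value count mismatch"
  end
  # Block form of sub! so backslashes in the value are not treated as
  # backreferences in the replacement string.
  values.each_with_object(template.dup) { |v, sql| sql.sub!("?") { quote_literal(v) } }
end

def admin_role_actions_sql_bound(role)
  bind_params(
    "SELECT * FROM versions WHERE item_type = 'Decidim::UserRole' AND object_changes LIKE ?",
    "%role: #{role}%"
  )
end

# --- Hardened form 2: allowlist, appropriate when the value is one of a fixed
# set of role names rather than free text (assumed set below) ---
ALLOWED_ROLES = %w[admin user_manager].freeze

def admin_role_actions_sql_allowlisted(role)
  unless ALLOWED_ROLES.include?(role)
    raise ArgumentError, "unexpected role #{role.inspect}"
  end
  # Interpolation is acceptable here only because the value is constrained.
  admin_role_actions_sql_vulnerable(role)
end

# --- Structural check: replace every string literal with '?' so that two
# renderings of the same query can be compared. If input changes the shape,
# it has escaped the literal and become SQL. ---
def sql_shape(sql)
  sql.gsub(/'(?:[^']|'')*'/, "'?'").squeeze(" ")
end

if $PROGRAM_NAME == __FILE__
  payload = "admin' OR 1=1 --"
  puts "vulnerable: #{admin_role_actions_sql_vulnerable(payload)}"
  puts "bound:      #{admin_role_actions_sql_bound(payload)}"
  puts "shape changed (vulnerable): " \
       "#{sql_shape(admin_role_actions_sql_vulnerable('admin')) != sql_shape(admin_role_actions_sql_vulnerable(payload))}"
  puts "shape changed (bound):      " \
       "#{sql_shape(admin_role_actions_sql_bound('admin')) != sql_shape(admin_role_actions_sql_bound(payload))}"
end
```

With the constructed payload `admin' OR 1=1 --`, the interpolated query gains an `OR 1=1` clause outside any literal and the trailing `%'` is commented out, so `sql_shape` differs from the benign rendering; the bound version keeps the whole payload inside one literal (`'%role: admin'' OR 1=1 --%'`) and its shape is identical for any input. In the real code base the equivalent fix is to pass values through ActiveRecord's `where` with placeholders or `sanitize_sql_array`, or to constrain them to a known set before interpolation, rather than to reimplement quoting as this stand-alone example does.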

Metadata

Created: 2024-11-12T19:52:22Z
Modified: 2024-11-13T23:24:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-cxwf-qc32-375f/GHSA-cxwf-qc32-375f.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-cxwf-qc32-375f
Finding: F297
Auto approve: 1