CVE-2024-43415

9.0 CRITICAL

Published: November 12, 2024 Modified: April 15, 2026

Description

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b

Source: security-advisories@github.com

https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f

Source: security-advisories@github.com

https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability

Source: security-advisories@github.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.0 / 10.0

EPSS (Exploit Probability)

0.3%

55th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-89

Related CVEs

CVE-2026-40962 4.9

CVE-2026-40505 3.3

CVE-2026-40504 9.8

CVE-2026-3299 6.4

CVE-2026-40960 8.1