Vulnerability Description
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Galette | Galette | < 0.9.6 |
Related Weaknesses (CWE)
References
- https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85 (Patch, Third Party Advisory)
- https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74 (Third Party Advisory)
FAQ
What is CVE-2021-41262?
CVE-2021-41262 is a vulnerability with a CVSS score of 8.8 (HIGH). Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" priv...
How severe is CVE-2021-41262?
CVE-2021-41262 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-41262?
Check the references section above for vendor advisories and patch information. The affected product is Galette (vendor: Galette), versions prior to 0.9.6.