Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2024-43415

CVE-2024-43415

9.0

Critical

Published:12 Nov 2024

Last updated:17 Jun 2026

Source:security-advisories@github.com

Deferred

Weakness (CWE)

CWE-89SQL Injection

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: Low

View on MITRE Find PoC on GitHub

Description

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.

References

security-advisories@github.com

https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b

security-advisories@github.com

https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f

security-advisories@github.com

https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability