{"id":"CVE-2024-43415","summary":"Decidim-Awesome: SQL injection in AdminAccountability","details":"An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module \u003c= v0.11.1 (\u003e 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.","aliases":["GHSA-cxwf-qc32-375f"],"modified":"2026-04-10T05:17:05.231346Z","published":"2024-11-12T15:45:51.312Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43415.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-89"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43415.json"},{"type":"ADVISORY","url":"https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43415"},{"type":"ADVISORY","url":"https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability"},{"type":"FIX","url":"https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/decidim-ice/decidim-module-decidim_awesome","events":[{"introduced":"78cc71a447ca04f71a577f3a2e62c33be045f6bd"},{"fixed":"b50475f0a47a2886280ed8067a55ec2ac0086148"}],"database_specific":{"versions":[{"introduced":"0.9.1"},{"fixed":"0.10.3"}]}},{"type":"GIT","repo":"https://github.com/decidim-ice/decidim-module-decidim_awesome","events":[{"introduced":"0"},{"fixed":"84374037d34a3ac80dc18406834169c65869f11b"}],"database_specific":{"versions":[{"introduced":"0.11.0"},{"fixed":"0.11.2"}]}}],"versions":["v0.10.1","v0.10.2","v0.3","v0.5.1","v0.6.0","v0.6.1","v0.6.2","v0.6.5","v0.6.7","v0.7.0","v0.7.2","v0.8.1","v0.9.1","v0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43415.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}]}