Description
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74
Patch, Third Party Advisory x_refsource_misc
https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3
Scores
CVSS v3
8.8
EPSS
0.0030
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
galette/galette
< 0.9.6
Published
Dec 16, 2021
Tracked Since
Feb 18, 2026