SQL Command Manipulation Vulnerability in Decidim Awesome Module by Decidim
CVE-2024-43415
Currently unrated
What is CVE-2024-43415?
The Decidim Awesome Module suffers from an SQL injection vulnerability caused by improper handling of special elements in SQL commands. Authenticated admin users can exploit this flaw to manipulate SQL queries, potentially leading to unauthorized access to sensitive information, reading and writing of files, or command execution on the server. The vulnerability affects versions up to v0.11.1, so administrators running an affected version should treat mitigation as a priority.