📦 Galette

by Galette

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2021-41262

HIGH CVSS 8.8 Dec 16, 2021

Galette membership management web application versions before 0.9.6 contain a SQL injection vulnerability that allows authenticated users with 'member' privileges to execute arbitrary SQL commands. Th...

CVE-2021-41260

HIGH CVSS 8.2 Dec 16, 2021

CVE-2021-41260 is a Cross-Site Request Forgery (CSRF) vulnerability in Galette, a membership management web application for non-profit organizations. The vulnerability allows attackers to trick authen...

CVE-2025-53922

MEDIUM CVSS 4.9 Dec 19, 2025

This vulnerability allows authenticated group manager users in Galette to bypass intended restrictions on Contributions and Transactions functionality. It affects Galette versions 1.1.4 through 1.1.x ...