EUVD-2026-36667
GHSA-crh6-pvh7-v7wf
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible SQL injection requiring low-privilege authentication; low CIA impact consistent with constrained database role and no scope change.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection in Grit42 Grit up to version 0.11.0 allows authenticated low-privilege remote attackers to query or manipulate the backend database through a CSV export endpoint handled by the GritEntityController Rails concern. The vulnerable code path resides in shared controller logic at modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb, meaning the injection surface may extend across multiple entity types rather than a single isolated route. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid low-privilege authenticated session in the Grit application - the CVSS 4.0 vector (PR:L) confirms that unauthenticated access is insufficient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) scores 5.3 (Medium) and describes a remotely exploitable, low-complexity vulnerability requiring only low-privilege authentication with no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a valid low-privilege Grit account navigates to the CSV export endpoint and injects a UNION-based or error-based SQL payload via a filter or sort parameter processed by GritEntityController, causing the underlying database query to return or modify data outside the intended scope. A public proof-of-concept documents this technique in detail (https://github.com/natanmorette-thoropass/thoropass-vuln-research-program/blob/main/2026/SQL%20Injection%20in%20grit42%20CSV%20Export%20Endpoint/README.md), lowering the skill threshold for exploitation significantly. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the vendor did not respond to responsible disclosure and no fix version exists to reference. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Share
External POC / Exploit Code
Leaving vuln.today