
Johan Cwiklinski

#37224 of 53,635
7.5 CVSS total
Vulnerabilities · 1
PT-2012-3960
7.5
2012-05-21
Galette · Galette · CVE-2012-2338
**Name of the Vulnerable Software and Affected Versions**

Galette versions 0.63 through 0.63.3
Galette version 0.64rc1

**Description**

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id_adh` parameter to "picture.php".

**Recommendations**

For Galette versions 0.63 through 0.63.3, and version 0.64rc1, avoid using the `id_adh` parameter in the "picture.php" endpoint until the issue is resolved.