Galette · Galette · CVE-2012-2338
**Name of the Vulnerable Software and Affected Versions**
Galette versions 0.63 through 0.63.3
Galette version 0.64rc1
**Description**
A SQL injection vulnerability in `picture.php` allows remote attackers to execute arbitrary SQL commands. The injection point is the `id_adh` parameter passed to `picture.php`.
**Recommendations**
For Galette versions 0.63 through 0.63.3 and version 0.64rc1, avoid exposing the `id_adh` parameter of the `picture.php` endpoint until the issue is resolved.
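While an affected version is still deployed, a defender can hunt for injection attempts in the web server's access log: `id_adh` is a member identifier and should only ever be a bare integer, so any other value sent to `picture.php` is worth flagging. The script below is an added example (not Galette's own code or the advisory's); the log lines are constructed Common Log Format samples, and the `/galette/` prefix and the 10-digit id bound are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2012:10:01:02 +0000] "GET /galette/picture.php?id_adh=42 HTTP/1.1" 200 5120
203.0.113.9 - - [10/May/2012:10:01:07 +0000] "GET /galette/picture.php?id_adh=42%27%20OR%201%3D1-- HTTP/1.1" 200 5120
203.0.113.9 - - [10/May/2012:10:01:09 +0000] "GET /galette/picture.php?id_adh=42+UNION+SELECT+1,2,3 HTTP/1.1" 500 312
198.51.100.2 - - [10/May/2012:10:02:00 +0000] "GET /galette/index.php HTTP/1.1" 200 8810
"""

# Client IP, timestamp, method, request target and status code of a CLF line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_plain_id(value: str) -> bool:
    """A member id must be a bare decimal integer (assumed max 10 digits)."""
    return re.fullmatch(r'\d{1,10}', value) is not None


def find_suspicious_picture_requests(log_text: str) -> list:
    """Return requests to picture.php whose decoded id_adh is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a CLF request line; skip rather than guess
        url = urlsplit(m.group('target'))
        if url.path.rsplit('/', 1)[-1] != 'picture.php':
            continue
        # parse_qs percent-decodes and turns '+' into spaces, so we inspect
        # the value as the application would see it, not the raw query string.
        for value in parse_qs(url.query, keep_blank_values=True).get('id_adh', []):
            if not is_plain_id(value):
                hits.append({'ip': m.group('ip'), 'time': m.group('ts'),
                             'status': m.group('status'), 'id_adh': value})
    return hits


if __name__ == '__main__':
    for hit in find_suspicious_picture_requests(SAMPLE_LOG):
        print(hit)
```

Both non-integer values in the sample are reported while the legitimate `id_adh=42` request and the unrelated `index.php` request are ignored; a 500 status on such a request is an additional signal that the injected value reached the database.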