Описание
Bacula-web SQL Injection Vulnerabilities
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-15367
- https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae
- https://web.archive.org/web/20180324124226/http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html
- https://web.archive.org/web/20180625090858/http://bugs.bacula-web.org/view.php?id=211
- https://www.exploit-db.com/exploits/44272
Пакеты
Наименование
bacula-web/bacula-web
composer
Затронутые версииВерсия исправления
< 8.0.0-rc2
8.0.0-rc2
Связанные уязвимости
CVSS3: 9.8
nvd
почти 8 лет назад
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.