CVE-2020-15153

Опубликовано: 30 апр. 2021

Источник: nvd

CVSS3: 8.2

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.

Ссылки

https://github.com/ampache/ampache/commit/e92cb6154c32c513b9c07e5fdbf5ac7de81ef5ed
Patch
Third Party Advisory
https://github.com/ampache/ampache/releases/tag/4.2.2
Release Notes
Third Party Advisory
https://github.com/ampache/ampache/security/advisories/GHSA-phr3-mpx5-7826
Exploit
Mitigation
Third Party Advisory
https://github.com/ampache/ampache/commit/e92cb6154c32c513b9c07e5fdbf5ac7de81ef5ed
Patch
Third Party Advisory
https://github.com/ampache/ampache/releases/tag/4.2.2
Release Notes
Third Party Advisory
https://github.com/ampache/ampache/security/advisories/GHSA-phr3-mpx5-7826
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*

Версия до 4.2.2 (исключая)

EPSS

Процентиль: 83%

0.02059

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2020-15153

CVSS3: 8.2

ubuntu

почти 5 лет назад

CVE-2020-15153

CVSS3: 8.2

debian

почти 5 лет назад

Ampache before version 4.2.2 allows unauthenticated users to perform S ...

EPSS

Процентиль: 83%

0.02059

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89