PT-2021-9737 · Ampache · Ampache
Lachlan-00 +1 · Published 2021-04-30 · Updated 2021-05-09 · CVE-2020-15153
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ampache versions prior to 4.2.2
Description
The issue allows unauthenticated users to perform SQL injection. A fix for this issue is included in version 4.2.2 and the development branch.
Recommendations
For versions prior to 4.2.2, update to version 4.2.2 or switch to the development branch to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations until the update can be applied.
Exploit
Fix
SQL injection
Affected Products
Ampache