CVSS: 9.8EPSS: 86%CPEs: 2EXPL: 1CVE-2017-15367 – Bacula-Web < 8.0.0-rc2 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-15367
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. Bacula-web, en versiones anteriores a la 8.0.0-rc2, se ha visto afectado por múltiples vulnerabilidades que podrían permitir que un atacante acceda a la base de datos de Bacula y, dependiendo de la configuración, escalar privilegios en el servidor. Bacula-Web versions prior to 8.0.0-RC2 suffer from multiple remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/44272 http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html http://bugs.bacula-web.org/view.php?id=211 https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •