Vulnerability Details CVE-2017-15367
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.247
EPSS Ranking 95.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html
- http://bugs.bacula-web.org/view.php?id=211
- https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae
- https://www.exploit-db.com/exploits/44272/
- http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html
- http://bugs.bacula-web.org/view.php?id=211
- https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae
- https://www.exploit-db.com/exploits/44272/
Products affected by CVE-2017-15367
-
cpe:2.3:a:bacula:bacula-web:5.0.3
-
cpe:2.3:a:bacula:bacula-web:5.1.0
-
cpe:2.3:a:bacula:bacula-web:5.2.10
-
cpe:2.3:a:bacula:bacula-web:5.2.11
-
cpe:2.3:a:bacula:bacula-web:5.2.12
-
cpe:2.3:a:bacula:bacula-web:5.2.13
-
cpe:2.3:a:bacula:bacula-web:5.2.13-1
-
cpe:2.3:a:bacula:bacula-web:5.2.2
-
cpe:2.3:a:bacula:bacula-web:5.2.6
-
cpe:2.3:a:bacula:bacula-web:6.0.0
-
cpe:2.3:a:bacula:bacula-web:6.0.1
-
cpe:2.3:a:bacula:bacula-web:7.0.0
-
cpe:2.3:a:bacula:bacula-web:7.0.1
-
cpe:2.3:a:bacula:bacula-web:7.0.2
-
cpe:2.3:a:bacula:bacula-web:7.0.3
-
cpe:2.3:a:bacula:bacula-web:7.1.0
-
cpe:2.3:a:bacula:bacula-web:7.2.0
-
cpe:2.3:a:bacula:bacula-web:7.3.0
-
cpe:2.3:a:bacula:bacula-web:7.4.0
-
cpe:2.3:a:bacula:bacula-web:8.0.0