CVE-2017-15367

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-15367

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15367.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-15367

Aliases

GHSA-fv4m-5j2c-787r

Published

2018-03-07T20:29:00.247Z

Modified

2025-11-20T10:38:16.521830Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.

References

Affected packages

Git / github.com/bacula-web/bacula-web

Affected ranges

Type: GIT
Repo: https://github.com/bacula-web/bacula-web
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae

Affected versions

v5.*

v5.0.3-alpha

v5.1.0-alpha

v5.2.10

v5.2.12

v5.2.13

v5.2.13-1

v5.2.2

v5.2.6

v6.*

v6.0.0

v6.0.1

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.1.0

v7.2.0

v7.3.0

v7.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15367.json"