CVE-2021-32644

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32644
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32644.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32644
Related
Published
2021-06-22T18:15:08Z
Modified
2025-07-02T00:03:06.492777Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

References

Affected packages

Git / github.com/ampache/ampache

Affected ranges

Type
GIT
Repo
https://github.com/ampache/ampache
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

3.*

3.6-alpha1
3.6-alpha2
3.6-alpha3
3.6-alpha4
3.6-alpha5
3.6-alpha6
3.7.0
3.8.0
3.8.0-beta1
3.8.0-beta2
3.8.1
3.8.1-beta1
3.8.1-beta2
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7
3.8.8
3.8.9
3.9.0

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.3.0
4.4.0
4.4.1

5.*

5.0.0-pre-release1