CVE-2025-45346

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-45346

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45346.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-45346

Aliases

GHSA-hq25-vp56-qr86

Published

2025-07-29T20:15:26Z

Modified

2025-08-06T16:54:52.735834Z

Summary

[none]

Details

SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.

References

Affected packages

Git / github.com/bacula-web/bacula-web

Affected ranges

Type: GIT
Repo: https://github.com/bacula-web/bacula-web
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5c5e58632467e876c8b9b8477353924544886d8b

Fixed

ad5d94809f17994a61496ecfec9cd3a16ac14a5f

Affected versions

v5.*

v5.0.3-alpha

v5.1.0-alpha

v5.2.10

v5.2.12

v5.2.13

v5.2.13-1

v5.2.2

v5.2.6

v6.*

v6.0.0

v6.0.1

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.1.0

v7.2.0

v7.3.0

v7.4.0

v8.*

v8.0.0

v8.0.0-rc.1

v8.0.0-rc.2

v8.0.0-rc.3

v8.0.1

v8.1.0

v8.2.0

v8.2.1

v8.3.0

v8.3.1

v8.3.2

v8.3.3

v8.4.0

v8.4.1

v8.4.2

v8.4.3

v8.4.4

v8.5.0

v8.5.1

v8.5.2

v8.5.3

v8.5.4

v8.5.5

v8.6.0

v8.6.1

v8.6.2

v8.6.3

v8.7.0

v8.8.0

v8.9.0

v9.*

v9.0.0

v9.0.1

v9.1.0

v9.2.0

v9.2.1

v9.3.0

v9.4.0

v9.4.1

v9.5.0

v9.5.1

v9.7.0