SQL Injection Vulnerability in Ampache by Ampache
CVE-2007-4437

Currently unrated

Key Information:

Vendor: Ampache
Status: Ampache
Vendor: CVE Published:; 20 August 2007

What is CVE-2007-4437?

An SQL injection vulnerability exists in the albums.php file of Ampache versions prior to 3.3.3.5. This flaw allows remote attackers to manipulate SQL queries via the 'match' parameter, potentially leading to unauthorized access to the database or the execution of arbitrary SQL commands. As a result, sensitive data could be compromised, and the integrity of the application could be severely affected.

References

http://www.securityfocus.com/bid/25362

vdb-entryx_refsource_BID

http://bugs.gentoo.org/show_bug.cgi?id=189607

x_refsource_CONFIRM

http://osvdb.org/38276

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2007
Vulnerability Reserved
Aug 20, 2007