Unauthenticated SQL injection in Ampache
CVE-2020-15153

8.2HIGH

Key Information:

Vendor: Ampache
Status: Ampache
Vendor: CVE Published:; 30 April 2021

What is CVE-2020-15153?

Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.

Affected Version(s)

ampache < 4.2.2

References

https://github.com/ampache/ampache/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/ampache/ampache/commit/e92cb6154c32c51...

x_refsource_MISC

https://github.com/ampache/ampache/releases/tag/4.2.2

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2021
Vulnerability Reserved
Jun 25, 2020