CVE-2017-15367

NONE EPSS 97.6%
Published Mar 7, 2018 (8y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.

Threat Intelligence

EPSS Exploit Probability
97.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-89: SQL Injection

Affected Products 2

Vendor  Product     Version  Range
bacula  bacula-web  *        ≤7.4.0
bacula  bacula-web  8.0.0    any

References 4

  • bacula-web.org http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html
    Release Notes, Vendor Advisory
  • bugs.bacula-web.org http://bugs.bacula-web.org/view.php?id=211
    Issue Tracking, Vendor Advisory
  • github.com https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae
    Patch, Third Party Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/44272/
    Exploit, Third Party Advisory, VDB Entry

Remediation

  • github.com https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae
    Patch, Third Party Advisory