CVE-2021-32644

MEDIUM
Published Jun 22, 20215y ago · Modified Jun 17, 20261w ago
5.4 CVSS 3.1
Medium
Find Similar
Published Jun 22, 2021 5y ago
Last Modified Jun 17, 2026 1w ago

Description

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

CVSS Details

Base Score
5.4
Exploitability
2.3
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
ampacheampache4.4.2any

References 2

  • github.com https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5
    PatchThird Party Advisory
  • github.com https://github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54q
    Third Party Advisory

Remediation

  • github.com https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5
    PatchThird Party Advisory