Published: 07/03/2018 Updated: 09/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Bacula-web prior to 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an malicious user to access the Bacula database and, depending on configuration, escalate privileges on the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bacula bacula-web 8.0.0
bacula bacula-web

# Exploit Title: Multiple SQL injection vulnerabilities in Bacula-Web # Date: 2018-03-07 # Software Link: bacula-weborg/ # Exploit Author: Gustavo Sorondo # Contact: twittercom/iampuky # Website: cintainfinitacom/ # CVE: CVE-2017-15367 # Category: webapps 1 Description Bacula-web before 800-rc2 is affected by multiple S ...

Bacula-Web versions prior to 800-RC2 suffer from multiple remote SQL injection vulnerabilities ...

CWE-89 https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae http://bugs.bacula-web.org/view.php?id=211 http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html https://www.exploit-db.com/exploits/44272/https://nvd.nist.gov https://www.exploit-db.com/exploits/44272/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-15367

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect