Lucene search

[email protected]CVE-2014-8295

HistoryOct 15, 2014 - 2:55 p.m.

CVE-2014-8295

2014-10-1514:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2014

8295

sql injection

vulnerability

bacula-web

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

50.9%

JSON

SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.

CPENameOperatorVersion
bacula:bacula-webbacula bacula-webeq5.2.10

CPE	Name	Operator	Version
bacula:bacula-web	bacula bacula-web	eq	5.2.10

References

osvdb.org/show/osvdb/112418

packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html

www.exploit-db.com/exploits/34851

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for CVE-2014-8295

openvas1 cvelist1 prion1