Bacula-Web < 8.0.0-rc2 - SQL Injection

Exploit Title: Multiple SQL injection vulnerabilities in Bacula-Web Date: 2018-03-07 Software Link: http://bacula-web.org/ Exploit Author: Gustavo Sorondo Contact: http://twitter.com/iampuky Website: http://cintainfinita.com/ CVE: CVE-2017-15367 Category: webapps 1. Description Bacula-web before...

Bacula-Web SQL Injection

Title: Multiple SQL injection vulnerabilities in Bacula-Web CVE-2017-15367 Credit: Gustavo Sorondo / http://www.cintainfinita.com Vendor/Product: Bacula-Web http://bacula-web.org/ Vulnerability: SQL injection Vulnerable version: All prior to 8.0.0-RC2. Fixed in: 8.0.0-RC2 CVE: CVE-2017-15367...

CVE-2017-15367

Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server...

CVE-2017-15367

CVE-2017-15367 affects Bacula-Web prior to 8.0.0-rc2. The vulnerability is described as multiple SQL Injection flaws that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. Affected component: Bacula-Web (web UI for Bacula bac...