3 matches found
CVE-2017-15367
CVE-2017-15367 affects Bacula-Web prior to 8.0.0-rc2. The vulnerability is described as multiple SQL Injection flaws that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. Affected component: Bacula-Web (web UI for Bacula bac...
CVE-2014-8295
Bacula-Web 5.2.10 is affected by an SQL injection in joblogs.php via the jobid parameter. The root cause is improper handling of the input, enabling remote attackers to execute arbitrary SQL commands. No remediation details are provided in the supplied documents.
CVE-2025-45346
CVE-2025-45346 affects Bacula-web prior to version 9.7.1. The vulnerability is an SQL Injection that can be triggered remotely via a crafted HTTP GET request, potentially allowing arbitrary code execution on affected systems. Public materials in connected documents confirm the issue and point to ...