vendor:
Bacula-web
by:
BlackCyber
7.5
CVSS
HIGH
Sql injection
89
CWE
Product Name: Bacula-web
Affected Version From: 5.2.10
Affected Version To: 5.2.10
Patch Exists: NO
Related CWE: Not provided
CPE: a:bacula-web_project:bacula-web:5.2.10
Platforms Tested:
Unknown
Bacula-web 5.2.10 vulnerability
The vulnerability allows an attacker to inject SQL queries through the 'jobid' parameter in the 'joblogs.php' page of the Bacula-web application. This can lead to unauthorized access to the database and potentially execute malicious commands.
Mitigation:
Update to a patched version of Bacula-web or apply appropriate security measures to prevent SQL injection attacks.