CVE-2020-15153

Summary

Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.

Affected Software

VendorProductVersion RangeStatus
ampacheampache< 4.2.2affected

Weaknesses

  • CWE-89: {"CWE-89":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}

ADP Enrichment

CVE Program Container

Additional References

References