GHSA-hq25-vp56-qr86
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hq25-vp56-qr86
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-hq25-vp56-qr86/GHSA-hq25-vp56-qr86.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hq25-vp56-qr86
- Aliases
- Published
- 2025-07-29T21:30:44Z
- Modified
- 2025-07-30T13:44:54.403917Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Bacula-web SQL Injection Vulnerability
- Details
-
SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.
- Database specific
{ "nvd_published_at": "2025-07-29T20:15:26Z", "github_reviewed": true, "github_reviewed_at": "2025-07-30T13:21:36Z", "severity": "HIGH", "cwe_ids": [ "CWE-89" ] }- References
Affected packages
Packagist / bacula-web/bacula-web
Package
- Name
- bacula-web/bacula-web
- Purl
- pkg:composer/bacula-web/bacula-web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.7.1
Affected versions
v8.*
v8.0.0-rc.1
v8.0.0-rc.2
v8.0.0-rc.3
v8.0.0
v8.0.1
v8.1.0
v8.2.0
v8.2.1
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v8.4.0
v8.4.1
v8.4.2
v8.4.3
v8.4.4
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.6.0
v8.6.1
v8.6.2
v8.6.3
v8.7.0
v8.8.0
v8.9.0
v9.*
v9.0.0
v9.0.1
v9.1.0
v9.2.0
v9.2.1
v9.3.0
v9.4.0
v9.4.1
v9.5.0
v9.5.1
v9.6.0
v9.6.1
v9.7.0