CVE-2021-32644

medium

Description

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

References

Advisories

https://github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54q

https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5

Details

Source: Mitre, NVD

Published: 2021-06-22

Updated: 2021-06-29

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00441