Description
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Remediation
References
Related Vulnerabilities
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5287)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (6.8.1)
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)
WordPress Plugin Delete All Comments Cross-Site Request Forgery (1.0)
WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.6)