The commit diff explicitly shows that 'client-report.php' improperly handled the 'period' parameter, enabling SQL injection. Exploit examples (e.g., Exploit-DB) and the CVE description confirm that 'pool_id' in jobs.php, 'client_id' in client-report.php, and parameters in backupjob-report.php were also vulnerable. These parameters were embedded directly into SQL queries without validation or parameterized queries, making them susceptible to injection. The high confidence stems from the explicit code fix for 'period', combined with documented exploit payloads and the CVE/GHSA descriptions corroborating multiple injection vectors.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bacula-web/bacula-web | composer | < 8.0.0-rc2 | 8.0.0-rc2 |