{"id":"UBUNTU-CVE-2020-15153","details":"Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.","modified":"2025-10-24T04:48:35Z","published":"2021-04-30T16:15:00Z","upstream":["CVE-2020-15153"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15153"},{"type":"REPORT","url":"https://github.com/ampache/ampache/releases/tag/4.2.2"},{"type":"REPORT","url":"https://github.com/ampache/ampache/commit/e92cb6154c32c513b9c07e5fdbf5ac7de81ef5ed"},{"type":"REPORT","url":"https://github.com/ampache/ampache/security/advisories/GHSA-phr3-mpx5-7826"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-15153"}],"affected":[{"package":{"name":"ampache","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ampache@3.6-rzb2779+dfsg-0ubuntu9.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.6-rzb2779+dfsg-0ubuntu5","3.6-rzb2779+dfsg-0ubuntu6","3.6-rzb2779+dfsg-0ubuntu7","3.6-rzb2779+dfsg-0ubuntu8","3.6-rzb2779+dfsg-0ubuntu9","3.6-rzb2779+dfsg-0ubuntu9.1","3.6-rzb2779+dfsg-0ubuntu9.2"],"ecosystem_specific":{"binaries":[{"binary_name":"ampache","binary_version":"3.6-rzb2779+dfsg-0ubuntu9.2"},{"binary_name":"ampache-common","binary_version":"3.6-rzb2779+dfsg-0ubuntu9.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15153.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}