Description
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.
Remediation
References
Related Vulnerabilities
TYPO3 Improper Input Validation Vulnerability (CVE-2020-15099)
Oracle Database Server CVE-2007-2118 Vulnerability (CVE-2007-2118)
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696 )
PostgreSQL Improper Access Control Vulnerability (CVE-2019-10127)
WordPress Plugin Filter Custom Fields & Taxonomies Light Unspecified Vulnerability (1.04)