This page lists publicly disclosed CVE vulnerabilities affecting bacula bacula-web (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-45346 | SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request. | [email protected] | 8.1 | 0.52% | 2025-07-29 | 2025-08-06 |
| CVE-2017-15367 | Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. | [email protected] | 9.8 | 22.20% | 2018-03-07 | 2024-11-21 |
| CVE-2014-8295 | SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | [email protected] | 7.5 | 0.81% | 2014-10-15 | 2026-05-06 |