Vulnerability DatabaseCVE-2020-15153

CVE-2020-15153:
Linux Ubuntu vulnerability analysis and mitigation

Overview

CVE-2020-15153 affects Ampache versions before 4.2.2, allowing unauthenticated users to perform SQL injection attacks. The vulnerability was discovered in the database_object.abstract.php component and was fixed in version 4.2.2 and the development branch (GitHub Advisory, NVD).

Technical details

The vulnerability received a CVSS v3.1 Base Score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) from NIST and 8.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) from GitHub. The issue was classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (NVD).

Impact

The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary SQL commands against the database, potentially leading to unauthorized access to sensitive data, modification of database contents, and compromise of the application's security (GitHub Advisory).

Mitigation and workarounds

The vulnerability was fixed in Ampache version 4.2.2. Users should upgrade to this version or later to protect against this security issue. The fix includes proper input validation and parameter handling in the database_object.abstract.php component (Ampache Release).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-62408	MEDIUM	5.9	Linux Debian	c-ares	No	No	Dec 08, 2025
CVE-2023-53769	N/A	N/A	Linux Kernel	kernel-modules-internal	No	Yes	Dec 08, 2025
CVE-2023-53768	N/A	N/A	Linux Debian	linux	No	Yes	Dec 08, 2025
CVE-2023-53767	N/A	N/A	Linux Kernel	libperf	No	Yes	Dec 08, 2025
CVE-2023-53766	N/A	N/A	Linux Debian	linux-fips	No	Yes	Dec 08, 2025