Description
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Remediation
References
Related Vulnerabilities
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26034)
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20901)
WordPress Plugin Admin Menu Cross-Site Scripting (1.1)
WordPress Plugin Swipe Checkout for WooCommerce Cross-Site Scripting (2.7.1)