An issue was discovered in Ampache through 3.9.1. The search engine is
affected by a SQL Injection, so any user able to perform
lib/class/search.class.php searches (even guest users) can dump any data
contained in the database (sessions, hashed passwords, etc.). This may lead
to a full compromise of admin accounts, when combined with the weak password
generator algorithm used in the lostpassword functionality.
Created ampache_browser tracking bugs for this issue:
Affects: fedora-all [bug 1771260]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.