Bacula-Web CVE-2025-45346
Affected versions
Bacula-Web versions < 9.7.1 are affected by this security issue.
I strongly encourage all users to upgrade to the latest available stable release as soon as possible.
Description
An attacker with valid credentials can perform SQL injection (SQLi) against the database through the web application.
For more details, see CVE-2025-45346
Resolution
The way user input is handled and the database is queried in Job file reports has now been fixed.
The patch can be found here
Credits
Thanks to Kevin Suckiel for reporting the issue.