Unrated severityNVD Advisory· Published Jun 22, 2021· Updated Aug 3, 2024

Cross-site Scripting in Random.php

CVE-2021-32644

Description

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

Affected products

Ampache/Ampachev5
Range: >= 4.0.0, < 4.4.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5mitrex_refsource_MISC
github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54qmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000