Stash
by Stash
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32231 | Med | 0.34 | 6.3 | 0.01 | Aug 15, 2024 | Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. | ||
| CVE-2008-4590 | 0.03 | — | 0.01 | Oct 16, 2008 | Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. | |||
| CVE-2008-4081 | 0.03 | — | 0.03 | Sep 15, 2008 | admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | |||
| CVE-2008-4080 | 0.03 | — | 0.03 | Sep 15, 2008 | SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these… |
- risk 0.34cvss 6.3epss 0.01
Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
- CVE-2008-4590Oct 16, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.
- CVE-2008-4081Sep 15, 2008risk 0.03cvss —epss 0.03
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.
- CVE-2008-4080Sep 15, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these…