Allen Disk
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9091 | | High | 0.49 | 7.5 | 0.01 | | May 19, 2017 | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. |
| CVE-2017-9090 | | High | 0.49 | 7.5 | 0.01 | | May 19, 2017 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. |
| CVE-2017-9307 | | Medium | 0.42 | 6.5 | 0.01 | | May 31, 2017 | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. |
| CVE-2017-8848 | | Medium | 0.42 | 6.5 | 0.00 | | May 8, 2017 | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. |
| CVE-2017-8832 | | Medium | 0.40 | 6.1 | 0.01 | | May 8, 2017 | Allen Disk 1.6 has XSS in the id parameter to downfile.php. |
| CVE-2017-9249 | | Medium | 0.35 | 5.4 | 0.01 | | May 28, 2017 | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO… |