Ampache
by Ampache
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12385 | | | 0.00 | — | 0.02 | | Aug 22, 2019 | An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to… |
| CVE-2017-18375 | | | 0.00 | — | 0.02 | | May 24, 2019 | Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. |
| CVE-2008-3929 | | | 0.00 | — | 0.00 | | Sep 4, 2008 | gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. |
| CVE-2007-4438 | | | 0.00 | — | 0.01 | | Aug 20, 2007 | Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2007-4437 | | | 0.00 | — | 0.01 | | Aug 20, 2007 | SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information. |
| CVE-2006-5668 | | | 0.00 | — | 0.02 | | Nov 3, 2006 | Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access. |
Page 2 of 2