VYPR

Ampache

by Ampache

Source repositories

CVEs (26)

  • CVE-2019-12385Aug 22, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to…

  • CVE-2017-18375May 24, 2019
    risk 0.00cvss epss 0.02

    Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.

  • CVE-2008-3929Sep 4, 2008
    risk 0.00cvss epss 0.00

    gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.

  • CVE-2007-4438Aug 20, 2007
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2007-4437Aug 20, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.

  • CVE-2006-5668Nov 3, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.

Page 2 of 2