CVE-2024-51144
- EPSS 0.94%
- Published 05.03.2025 20:16:05
- Last modified 29.09.2025 15:16:06
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', 'pvmsg.php?action=confirm_delete', and 'ajax.server.php?page=user&action=flip_follow' endpoints in Ampache <= 6.6.0.
- EPSS 0.17%
- Published 11.11.2024 20:15:18
- Last modified 14.11.2024 20:13:01
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the in...
CVE-2024-51489
- EPSS 0.06%
- Published 11.11.2024 20:15:18
- Last modified 14.11.2024 20:12:52
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CS...
CVE-2024-51488
- EPSS 0.06%
- Published 11.11.2024 20:15:18
- Last modified 14.11.2024 20:12:58
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, a...
CVE-2024-51487
- EPSS 0.06%
- Published 11.11.2024 20:15:18
- Last modified 14.11.2024 19:37:53
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalogs. This vulnerability allows an attacker to exploit CS...
CVE-2024-51486
- EPSS 0.14%
- Published 11.11.2024 20:15:18
- Last modified 21.11.2024 09:45:35
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for ...
CVE-2024-51485
- EPSS 0.06%
- Published 11.11.2024 20:15:18
- Last modified 14.11.2024 20:06:12
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CS...
CVE-2024-51484
- EPSS 0.06%
- Published 11.11.2024 20:15:18
- Last modified 14.11.2024 20:14:44
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploi...
CVE-2024-47828
- EPSS 0.07%
- Published 09.10.2024 19:15:14
- Last modified 17.10.2024 13:55:23
Ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit ...
CVE-2024-47184
- EPSS 0.08%
- Published 27.09.2024 14:15:04
- Last modified 04.10.2024 18:19:26
Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to stored cross-site scripting. Version 6.6.0 fixes this issue.