Ampache

Ampache

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2019-12385

Exploit
  • EPSS 0.74%
  • Published 22.08.2019 19:15:14
  • Last modified 21.11.2024 04:22:43

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passw...

8.8

CVE-2017-18375

Exploit
  • EPSS 0.38%
  • Published 24.05.2019 18:29:00
  • Last modified 21.11.2024 03:19:57

Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.

7.2

CVE-2008-3929

  • EPSS 0.03%
  • Published 04.09.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.

6.8

CVE-2007-4438

  • EPSS 0.83%
  • Published 20.08.2007 22:17:00
  • Last modified 09.04.2025 00:30:58

Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.

6.8

CVE-2007-4437

  • EPSS 0.78%
  • Published 20.08.2007 22:17:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.

7.5

CVE-2006-5668

  • EPSS 0.43%
  • Published 03.11.2006 01:07:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.