Vulmon
ampache ampache vulnerabilities and exploits
NA
CVE-2024-28852
Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities; this means that all forms in Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we nee...
NA
CVE-2024-28853
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in Ampache before v6.3.1 allows a remote malicious user to execute code via a crafted payload to several parameters in the POST request of /preferences.php?ac...
8.8
CVSSv3
CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache before 5.5.7, develop.
Ampache Ampache
6.1
CVSSv3
CVE-2023-0606
Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache before 5.5.7.
Ampache Ampache
8.8
CVSSv3
CVE-2022-4665
Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache before 5.5.6.
Ampache Ampache
5.4
CVSSv3
CVE-2021-32644
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running...
Ampache Ampache 4.4.2
1 Github repository
9.8
CVSSv3
CVE-2020-15153
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Ampache Ampache
7.5
CVSSv3
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions before 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For mor...
Ampache Ampache
8.8
CVSSv3
CVE-2019-12385
An issue exists in Ampache up to and including 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead...
Ampache Ampache
5.4
CVSSv3
CVE-2019-12386
An issue exists in Ampache up to and including 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged use...
Ampache Ampache