Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ampache ampache vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-5668
Unspecified vulnerability in Ampache 3.3.2 and previous versions, when register_globals is enabled, allows remote malicious users to bypass security restrictions and gain guest access.
Ampache Ampache 3.2
Ampache Ampache 3.3.2
Ampache Ampache 3.2.3
Ampache Ampache 3.3
Ampache Ampache 3.2.2
Ampache Ampache 3.3.1
Ampache Ampache 3.2.1
Ampache Ampache 3.3.1.2
Ampache Ampache 3.2.4
6.1
CVSSv3
CVE-2023-0606
Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache before 5.5.7.
Ampache Ampache
8.8
CVSSv3
CVE-2019-12385
An issue exists in Ampache up to and including 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead...
Ampache Ampache
NA
CVE-2007-4437
SQL injection vulnerability in albums.php in Ampache prior to 3.3.3.5 allows remote malicious users to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
Ampache Ampache
NA
CVE-2007-4438
Session fixation vulnerability in Ampache prior to 3.3.3.5 allows remote malicious users to hijack web sessions via unspecified vectors.
Ampache Ampache
7.5
CVSSv3
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions before 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For mor...
Ampache Ampache
5.4
CVSSv3
CVE-2019-12386
An issue exists in Ampache up to and including 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged use...
Ampache Ampache
8.8
CVSSv3
CVE-2022-4665
Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache before 5.5.6.
Ampache Ampache
9.8
CVSSv3
CVE-2020-15153
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Ampache Ampache
8.8
CVSSv3
CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache before 5.5.7,develop.
Ampache Ampache
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »