Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ampache ampache vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-15153
Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Ampache Ampache
8.8
CVSSv3
CVE-2023-0771
SQL Injection in GitHub repository ampache/ampache before 5.5.7,develop.
Ampache Ampache
8.8
CVSSv3
CVE-2022-4665
Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache before 5.5.6.
Ampache Ampache
8.8
CVSSv3
CVE-2019-12385
An issue exists in Ampache up to and including 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead...
Ampache Ampache
8.8
CVSSv3
CVE-2017-18375
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
Ampache Ampache 3.8.3
7.5
CVSSv3
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions before 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For mor...
Ampache Ampache
6.1
CVSSv3
CVE-2023-0606
Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache before 5.5.7.
Ampache Ampache
5.4
CVSSv3
CVE-2021-32644
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running...
Ampache Ampache 4.4.2
1 Github repository
5.4
CVSSv3
CVE-2019-12386
An issue exists in Ampache up to and including 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged use...
Ampache Ampache
NA
CVE-2024-28852
Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we nee...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »