Vulmon
mfscripts vulnerabilities and exploits
CVSSv3: 8.8
CVE-2019-20059
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 up to and including 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows a malicious user to inject their own SQL and manipulate the query, typically extractin...
Mfscripts Yetishare
CVSSv3: 7.5
CVE-2019-20060
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.
Mfscripts Yetishare
CVSSv3: 7.5
CVE-2019-20061
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.
Mfscripts Yetishare
CVSSv3: 9.8
CVE-2019-20062
MFScripts YetiShare v3.5.2 through v4.5.4 might allow a malicious user to reset a password by using a leaked hash (the hash never expires until used).
Mfscripts Yetishare