Vulmon
allen disk project allen disk 1.6 vulnerabilities and exploits
7.5
CVSSv3
CVE-2017-9090
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
Allen Disk Project Allen Disk 1.6
5.4
CVSSv3
CVE-2017-9249
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to...
Allen Disk Project Allen Disk 1.6
6.5
CVSSv3
CVE-2017-9307
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
Allen Disk Project Allen Disk 1.6
6.1
CVSSv3
CVE-2017-8832
Allen Disk 1.6 has XSS in the id parameter to downfile.php.
Allen Disk Project Allen Disk 1.6
6.5
CVSSv3
CVE-2017-8848
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
Allen Disk Project Allen Disk 1.6
7.5
CVSSv3
CVE-2017-9091
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
Allen Disk Project Allen Disk 1.6