Vulmon
mfscripts vulnerabilities and exploits
5.3
CVSSv3
CVE-2019-19805
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 up to and including 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by a malicious user to enumerate accounts by gu...
Mfscripts Yetishare
6.1
CVSSv3
CVE-2019-19733
_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 up to and including 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow a malicious user to input HTML or execute scripts ...
Mfscripts Yetishare
5.3
CVSSv3
CVE-2019-19806
_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 up to and including 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by a malicious user to enumerate accounts by guessing email addresses.
Mfscripts Yetishare
8.8
CVSSv3
CVE-2019-20059
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 up to and including 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows a malicious user to inject their own SQL and manipulate the query, typically extractin...
Mfscripts Yetishare