6 matches found
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...
CVE-2019-19734
creationtimestamp| type| source ---|---|--- 2024-03-18 15:16:35+00:00| seen| https://t.me/ctinow/210615 2026-07-08 09:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq4t24fqwe25...
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...
CVE-2019-19734
CVE-2019-19734 affects MFScripts YetiShare 3.5.2 where _account_move_file_in_folder.ajax.php directly inserts values from the fileIds parameter into a SQL string, enabling SQL injection. Root cause is lack of proper input validation/parameterization, leading to manipulation of queries and potenti...
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...