7 matches found
EUVD-2019-4020
Malware in sbrugna...
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...
CVE-2024-51484
CVE-2024-51484 concerns Ampache, a web-based audio/video streaming app. The issue is in how the platform validates CSRF tokens during activation/deactivation of controllers: the token parsing/validation path does not properly secure these state-changing requests, enabling CSRF-style abuse to togg...
CVE-2019-12386
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/37417/info Ampache is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Ampache 3.4.3 - login.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/37417/info Ampache is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
CVE-2006-5668
Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access...