Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:35 a.m.4 views

CVE-2019-19734

accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...

8.8CVSS7.3AI score0.01104EPSS
Exploits1References1
Circl
Circl
added 2024/03/18 3:16 p.m.8 views

CVE-2019-19734

creationtimestamp| type| source ---|---|--- 2024-03-18 15:16:35+00:00| seen| https://t.me/ctinow/210615 2026-07-08 09:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq4t24fqwe25...

8.8CVSS7.2AI score0.01104EPSS
Exploits1References2
NVD
NVD
added 2019/12/30 5:15 p.m.27 views

CVE-2019-19734

accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...

8.8CVSS8.7AI score0.01104EPSS
Exploits1References2
OSV
OSV
added 2019/12/30 5:15 p.m.4 views

CVE-2019-19734

accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...

8.8CVSS7.3AI score0.01104EPSS
Exploits1References2
CVE
CVE
added 2019/12/30 4:59 p.m.59 views

CVE-2019-19734

CVE-2019-19734 affects MFScripts YetiShare 3.5.2 where _account_move_file_in_folder.ajax.php directly inserts values from the fileIds parameter into a SQL string, enabling SQL injection. Root cause is lack of proper input validation/parameterization, leading to manipulation of queries and potenti...

8.8CVSS8.7AI score0.01104EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/12/30 4:59 p.m.28 views

CVE-2019-19734

accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...

8.8AI score0.01104EPSS
Exploits1References2
Rows per page
Query Builder