2 matches found
CVE-2019-20059
paymentmanage.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL...
MFScripts YetiShare SQL Injection Vulnerability
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A SQL injection vulnerability exists in the translationmanagetext.ajax.php and multiple manage.ajax.php files in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. The vulnerability stems from a lack of...