Lucene search
K

106 matches found

CVE
CVE
added 2019/12/30 4:59 p.m.60 views

CVE-2019-19734

CVE-2019-19734 affects MFScripts YetiShare 3.5.2 where _account_move_file_in_folder.ajax.php directly inserts values from the fileIds parameter into a SQL string, enabling SQL injection. Root cause is lack of proper input validation/parameterization, leading to manipulation of queries and potenti...

8.8CVSS8.7AI score0.01104EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/12/30 4:59 p.m.55 views

CVE-2019-19733

CVE-2019-19733 affects MFScripts YetiShare, version range 3.5.2 through 4.5.3. The vulnerability lies in the file get_all_file_server_paths.ajax.php where output derived from the client-supplied fileIds parameter is not sanitized/encoded, enabling an attacker to inject HTML or script code on the ...

6.1CVSS6.2AI score0.0071EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/12/30 4:59 p.m.17 views

CVE-2019-19732

translationmanagetext.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir0 and/or sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from th...

7.4AI score0.01089EPSS
Exploits1References2
CVE
CVE
added 2019/12/30 4:59 p.m.60 views

CVE-2019-19732

The CVE-2019-19732 entry affects MFScripts YetiShare versions 3.5.2 through 4.5.3 (and related revisions noted in connected records). The underlying issue is direct insertion of values from the aSortDir_0 and/or sSortDir_0 parameters into a SQL string in translation_manage_text.ajax.php and multi...

7.2CVSS7.3AI score0.01089EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/12/30 4:46 p.m.50 views

CVE-2019-19739

CVE-2019-19739 affects MFScripts YetiShare versions 3.5.2 through 4.5.3. The root cause is that session cookies are created without the Secure flag, allowing them to be transmitted over cleartext channels. Impact: cookies may be exposed via insecure transport, as reflected in CVSS metrics (CVSS v...

7.5CVSS7.4AI score0.00666EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/30 4:46 p.m.25 views

CVE-2019-19739

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels...

7.5AI score0.00666EPSS
Exploits0References1
Rows per page
Query Builder