Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Yetishare Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2019-19735

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

9.1CVSS

9.2AI Score

0.004EPSS

2019-12-30 05:15 PM
33
cve
cve

CVE-2019-20062

MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used).

9.8CVSS

9.3AI Score

0.004EPSS

2020-02-10 01:15 PM
48