reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty...
7.5 CVSS | 7.4 AI Score | 0.001 EPSS
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying...
7.5 CVSS | 7.5 AI Score | 0.001 EPSS
6.5 CVSS | 6.5 AI Score | 0.001 EPSS
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file...
6.5 CVSS | 6.1 AI Score | 0.001 EPSS
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to...
5.4 CVSS | 5 AI Score | 0.001 EPSS
6.1 CVSS | 5.9 AI Score | 0.001 EPSS