2 matches found
CVE-2015-4726
AudioShare 2.0.2 is affected by a PHP remote file inclusion in ajax/myajaxphp.php that allows remote attackers to execute arbitrary PHP code via a URL supplied in the config['basedir'] parameter. Root cause appears to be improper handling of config['basedir'], enabling RFI. Severity from referenc...
CVE-2015-4725
AudioShare 2.0.2 is affected by a Cross-site Scripting (XSS) in forgot.php, exploitable via the email parameter. The vulnerability allows remote attackers to inject arbitrary script/HTML when user-provided data is rendered, enabling potential session hijacking or information disclosure as describ...