Yetishare Security Vulnerabilities and Issues — Yetishare CVE List

Lucene search

MfscriptsYetishare

4 matches found

CVE•added 2020/02/10 1:15 p.m.•57 views

CVE-2019-20062

MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used).

9.8CVSS9.3AI score0.00371EPSS

CVE•added 2020/02/10 1:15 p.m.•42 views

CVE-2019-20061

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.

7.5CVSS7.5AI score0.00213EPSS

CVE•added 2020/02/10 1:15 p.m.•41 views

CVE-2019-20059

payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Inj...

8.8CVSS7.3AI score0.0146EPSS

CVE•added 2020/02/10 1:15 p.m.•38 views

CVE-2019-20060

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.

7.5CVSS7.4AI score0.00468EPSS