Yetishare Security Vulnerabilities and Issues — Yetishare CVE List

Lucene search

MfscriptsYetishare

4 matches found

CVE•added 2019/12/30 5:15 p.m.•47 views

CVE-2019-19732

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data fro...

7.2CVSS7.3AI score0.0032EPSS

Web

CVE•added 2020/02/10 1:15 p.m.•42 views

CVE-2019-20061

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password.

7.5CVSS7.5AI score0.00213EPSS

CVE•added 2020/02/10 1:15 p.m.•38 views

CVE-2019-20060

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.

7.5CVSS7.4AI score0.00468EPSS

CVE•added 2019/12/30 5:15 p.m.•36 views

CVE-2019-19739

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels.

7.5CVSS7.4AI score0.00183EPSS