Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MfscriptsYetishare

3 matches found

CVE
CVEadded 2019/12/30 5:15 p.m.47 views

CVE-2019-19734

_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.

8.8CVSS8.7AI score0.003EPSS
CVE
CVEadded 2020/02/10 1:15 p.m.40 views

CVE-2019-20059

payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Inj...

8.8CVSS7.3AI score0.0146EPSS
CVE
CVEadded 2019/12/30 5:15 p.m.35 views

CVE-2019-19737

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.

8.8CVSS8.5AI score0.00177EPSS