Ampache: >> Ampache Security Vulnerabilities
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-05-24
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
CVSS Score
7.2
EPSS Score
0.0
Published
2008-09-04
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
CVSS Score
6.8
EPSS Score
0.008
Published
2007-08-20
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.008
Published
2007-08-20
Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.
CVSS Score
7.5
EPSS Score
0.004
Published
2006-11-03
Page 3