Search CVE reports
21 – 26 of 26 results
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database...
1 affected package
ampache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | — | — | Not in release | Not in release |
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
1 affected package
ampache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | Not in release | Not in release | Not in release | Not in release |
Some fixes available 2 of 23
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote...
10 affected packages
ampache, gforge-plugin-scmcvs, libphp-snoopy, magpierss, mahara...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | — | — | — | — |
| gforge-plugin-scmcvs | — | — | — | — |
| libphp-snoopy | — | — | — | — |
| magpierss | — | — | — | — |
| mahara | — | — | — | — |
| mediamate | — | — | — | — |
| moodle | — | — | — | — |
| opendb | — | — | — | — |
| pixelpost | — | — | — | — |
| wordpress | — | — | — | — |
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
1 affected package
ampache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | — | — | — | — |
Not in release
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
1 affected package
ampache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | — | — | — | — |
Not in release
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
1 affected package
ampache
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | — | — | — | — |