RSS   Vulnerabilities for 'Allendisk'   RSS

2017-05-19
 
CVE-2017-9091

 

 
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].

 
 
CVE-2017-9090

 

 
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].

 
2017-05-08
 
CVE-2017-8848

 

 
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.

 
 
CVE-2017-8832

 

 
Allen Disk 1.6 has XSS in the id parameter to downfile.php.

 


Copyright 2018, cxsecurity.com

 

Back to Top