Vulnerabilities > Allen Disk Project
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-31 | CVE-2017-9307 | Server-Side Request Forgery (SSRF) vulnerability in Allen Disk Project Allen Disk 1.6 | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | 6.5 |
2017-05-28 | CVE-2017-9249 | Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6 | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. | 5.4 |
2017-05-19 | CVE-2017-9091 | Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6 | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | 7.5 |
2017-05-19 | CVE-2017-9090 | Improper Input Validation vulnerability in Allen Disk Project Allen Disk 1.6 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | 7.5 |
2017-05-08 | CVE-2017-8848 | Cross-Site Request Forgery (CSRF) vulnerability in Allen Disk Project Allen Disk 1.6 | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | 6.5 |
2017-05-08 | CVE-2017-8832 | Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6 | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | 6.1 |