Vulnerabilities > Ampache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-10 | CVE-2023-0771 | SQL Injection vulnerability in Ampache SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. | 8.8 |
| 2023-02-01 | CVE-2023-0606 | Cross-site Scripting vulnerability in Ampache Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. | 6.1 |
| 2021-06-22 | CVE-2021-32644 | Cross-site Scripting vulnerability in Ampache 4.4.2 Ampache is an open source web based audio/video streaming application and file manager. | 3.5 |
| 2021-04-13 | CVE-2021-21399 | Improper Authentication vulnerability in Ampache Ampache is a web based audio/video streaming application and file manager. | 7.5 |
| 2019-08-22 | CVE-2019-12386 | Cross-site Scripting vulnerability in Ampache An issue was discovered in Ampache through 3.9.1. | 3.5 |
| 2019-08-22 | CVE-2019-12385 | SQL Injection vulnerability in Ampache An issue was discovered in Ampache through 3.9.1. | 6.5 |
| 2019-05-24 | CVE-2017-18375 | Deserialization of Untrusted Data vulnerability in Ampache 3.8.3 Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. | 6.5 |
| 2008-09-04 | CVE-2008-3929 | Link Following vulnerability in Ampache 3.4.1 gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. | 7.2 |
| 2007-08-20 | CVE-2007-4438 | Improper Authentication vulnerability in Ampache Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
| 2007-08-20 | CVE-2007-4437 | SQL Injection vulnerability in Ampache Albums.PHP SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. network ampache | 6.8 |