Vulnerabilities > Mfscripts > Yetishare > 4.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-10 | CVE-2019-20062 | Improper Authentication vulnerability in Mfscripts Yetishare MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used). | 9.8 |
2020-02-10 | CVE-2019-20061 | Cleartext Transmission of Sensitive Information vulnerability in Mfscripts Yetishare The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. | 7.5 |
2020-02-10 | CVE-2019-20060 | Insecure Storage of Sensitive Information vulnerability in Mfscripts Yetishare MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. | 7.5 |
2020-02-10 | CVE-2019-20059 | SQL Injection vulnerability in Mfscripts Yetishare payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. | 8.8 |