Vulnerabilities > Mfscripts > Yetishare > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-10 | CVE-2019-20062 | Improper Authentication vulnerability in Mfscripts Yetishare MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used). | 9.8 |
| 2019-12-30 | CVE-2019-19735 | Use of Password Hash With Insufficient Computational Effort vulnerability in Mfscripts Yetishare class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing. | 9.1 |