Vulnerabilities > Mfscripts > Yetishare > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-10 | CVE-2019-20061 | Cleartext Transmission of Sensitive Information vulnerability in Mfscripts Yetishare | The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. | 7.5 |
2020-02-10 | CVE-2019-20060 | Insecure Storage of Sensitive Information vulnerability in Mfscripts Yetishare | MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. | 7.5 |
2020-02-10 | CVE-2019-20059 | SQL Injection vulnerability in Mfscripts Yetishare | payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. | 8.8 |
2019-12-30 | CVE-2019-19739 | Missing Encryption of Sensitive Data vulnerability in Mfscripts Yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. | 7.5 |
2019-12-30 | CVE-2019-19737 | Cross-Site Request Forgery (CSRF) vulnerability in Mfscripts Yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | 8.8 |
2019-12-30 | CVE-2019-19734 | SQL Injection vulnerability in Mfscripts Yetishare | _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. | 8.8 |
2019-12-30 | CVE-2019-19732 | SQL Injection vulnerability in Mfscripts Yetishare | translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. | 7.2 |