| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2017-8832 | 4.3 | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | 16-05-2017 - 20:01 | 08-05-2017 - 06:29 |
| CVE-2017-8848 | 4.3 | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | 16-05-2017 - 20:01 | 08-05-2017 - 17:29 |
| CVE-2017-9090 | 5.0 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | 24-05-2017 - 18:29 | 19-05-2017 - 18:29 |
| CVE-2017-9091 | 5.0 | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | 24-05-2017 - 18:29 | 19-05-2017 - 18:29 |