lachlan

5 exploits Active since Jun 2021
CVE-2021-32644 WRITEUP MEDIUM WRITEUP
Ampache 4.x.y - Authenticated Code Injection in random.php
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.
CVSS 6.4
CVE-2022-4665 WRITEUP HIGH WRITEUP
GitHub ampache/ampache <5.5.6 - Info Disclosure
Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6.
CVSS 8.8
CVE-2023-0606 WRITEUP MEDIUM WRITEUP
ampache < 5.5.7 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.
CVSS 6.1
CVE-2023-0771 WRITEUP HIGH WRITEUP
ampache < 5.5.7 - SQL Injection
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.
CVSS 8.8
CVE-2024-47184 WRITEUP MEDIUM WRITEUP
ampache < 6.6.0 - Stored Cross-Site Scripting in Democratic Playlist Name
Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue.
CVSS 6.1