CRITICAL🇬🇧 English

CVE-2019-19735

CVSS 9.1v3.1pub. 2019-12-30upd. 2024-11-21

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Mfscripts Yetishare

    APP
    Mfscripts
    3.5.2 – 4.5.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-20062CRITICAL9.8ten sam produkt

MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (...

CVE-2019-20061HIGH7.5ten sam produkt

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password...

CVE-2019-20059HIGH8.8ten sam produkt

payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly inse...

CVE-2019-20060HIGH7.5ten sam produkt

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, t...

CVE-2019-19734HIGH8.8ten sam produkt

_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds pa...