Ampache

ampache

Vendor: Ampache • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-18375 1Ampache 1Ampache Nov 21, 2024 May 24, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
CVE-2008-3929 1Ampache 1Ampache Apr 23, 2026 Sep 4, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
CVE-2007-4438 1Ampache 1Ampache Apr 23, 2026 Aug 20, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2007-4437 1Ampache 1Ampache Apr 23, 2026 Aug 20, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
CVE-2006-5668 1Ampache 1Ampache Apr 23, 2026 Nov 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.