Allen Disk Project

allen_disk_project

6 CVEs • 1 product

Products (1)

Allen Disk
allen_disk

CVEs (6)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| 1 (Allen Disk Project) | 1 (Allen Disk) | May 13, 2026 | May 31, 2017 | N/A | 6.5 MEDIUM | 4.0 MEDIUM | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. |
| 1 (Allen Disk Project) | 1 (Allen Disk) | May 13, 2026 | May 28, 2017 | N/A | 5.4 MEDIUM | 3.5 LOW | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. |
| 1 (Allen Disk Project) | 1 (Allen Disk) | May 13, 2026 | May 19, 2017 | N/A | 7.5 HIGH | 5.0 MEDIUM | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. |
| 1 (Allen Disk Project) | 1 (Allen Disk) | May 13, 2026 | May 19, 2017 | N/A | 7.5 HIGH | 5.0 MEDIUM | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. |
| 1 (Allen Disk Project) | 1 (Allen Disk) | May 13, 2026 | May 8, 2017 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. |
| 1 (Allen Disk Project) | 1 (Allen Disk) | May 13, 2026 | May 8, 2017 | N/A | 6.1 MEDIUM | 4.3 MEDIUM | Allen Disk 1.6 has XSS in the id parameter to downfile.php. |