allen_disk_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk input validation、vendor risk csrf, and vendor risk ssrf があり、vendor surface production workloads の利用場面で vendor impact unexpected behavior and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2017-9307 | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | [email protected] | 6.5 | 0.89% | 2017-05-31 | 2026-05-13 |
| CVE-2017-9249 | Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. | [email protected] | 5.4 | 0.68% | 2017-05-28 | 2026-05-13 |
| CVE-2017-9091 | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | [email protected] | 7.5 | 1.19% | 2017-05-19 | 2026-05-13 |
| CVE-2017-9090 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | [email protected] | 7.5 | 1.19% | 2017-05-19 | 2026-05-13 |
| CVE-2017-8848 | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | [email protected] | 6.5 | 0.49% | 2017-05-08 | 2026-05-13 |
| CVE-2017-8832 | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | [email protected] | 6.1 | 0.63% | 2017-05-08 | 2026-05-13 |