Allen Disk Project Allen Disk — known CVE vulnerabilities
Every CVE whose affected-product data names Allen Disk Project Allen Disk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2017-9090 — CVSS 7.5 (high): reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an…
CVE-2017-9091 — CVSS 7.5 (high): /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying…
CVE-2017-9307 — CVSS 6.5 (medium): SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet…
CVE-2017-9249 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML…