Description
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
Remediation
References
Related Vulnerabilities
Drupal Core 8.9.x Multiple Cross-Site Scripting Vulnerabilities (8.9.0 - 8.9.5)
WordPress Plugin Facebook for WooCommerce Cross-Site Request Forgery (1.9.14)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1805)
WordPress Plugin RK Responsive Contact Form SQL Injection (1.0.0)