Description Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. Remediation References CVE-2017-18375 Related Vulnerabilities WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10) WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (7.2) MySQL CVE-2018-3054 Vulnerability (CVE-2018-3054) WordPress Plugin Disqus Comment System Cross-Site Scripting (2.68) Apache 2.x version older than 2.2.6 Severity High Classification CVE-2017-18375 CWE-502 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities