CVE Vulnerability

CVE-2008-6960

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.vupen.com/english/advisories/2008/3062 Vendor Advisory
http://secunia.com/advisories/32537 Vendor Advisory
http://www.securityfocus.com/bid/32227 Exploit
http://osvdb.org/49797 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
https://www.exploit-db.com/exploits/7074
Configurations

Configuration 1

cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*
Information

Published : 2009-08-12 10:30

Updated : 2017-09-29 01:33

NVD link : CVE-2008-6960

Mitre link : CVE-2008-6960

Products Affected

.x10 Automatic Mp3 Script

X10media

CWE
CWE-264