CVE-2008-6960

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*

History

21 Nov 2024, 00:57

Type Values Removed Values Added
References () http://osvdb.org/49797 - Exploit () http://osvdb.org/49797 - Exploit
References () http://secunia.com/advisories/32537 - Vendor Advisory () http://secunia.com/advisories/32537 - Vendor Advisory
References () http://www.securityfocus.com/bid/32227 - Exploit () http://www.securityfocus.com/bid/32227 - Exploit
References () http://www.vupen.com/english/advisories/2008/3062 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/3062 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/46489 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/46489 -
References () https://www.exploit-db.com/exploits/7074 - () https://www.exploit-db.com/exploits/7074 -

Information

Published : 2009-08-12 10:30

Updated : 2024-11-21 00:57


NVD link : CVE-2008-6960

Mitre link : CVE-2008-6960

CVE.ORG link : CVE-2008-6960


JSON object : View

Products Affected

x10media

  • x10_automatic_mp3_script
CWE
CWE-264

Permissions, Privileges, and Access Controls