Vulnerability Description
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X10Media | X10 Automatic Mp3 Script | 1.5.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/49797Exploit
- http://secunia.com/advisories/32537Vendor Advisory
- http://www.securityfocus.com/bid/32227Exploit
- http://www.vupen.com/english/advisories/2008/3062Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
- https://www.exploit-db.com/exploits/7074
- http://osvdb.org/49797Exploit
- http://secunia.com/advisories/32537Vendor Advisory
- http://www.securityfocus.com/bid/32227Exploit
- http://www.vupen.com/english/advisories/2008/3062Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
- https://www.exploit-db.com/exploits/7074
FAQ
What is CVE-2008-6960?
CVE-2008-6960 is a vulnerability with a CVSS score of 5.0 (MEDIUM). download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database cr...
How severe is CVE-2008-6960?
CVE-2008-6960 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6960?
Check the references section above for vendor advisories and patch information. Affected products include: X10Media X10 Automatic Mp3 Script.