CVE-2008-6960

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2008-6960
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.vupen.com/english/advisories/2008/3062 Vendor Advisory
http://secunia.com/advisories/32537 Vendor Advisory
http://www.securityfocus.com/bid/32227 Exploit
http://osvdb.org/49797 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
https://www.exploit-db.com/exploits/7074
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*
Information

Published : 2009-08-12 03:30

Updated : 2017-09-28 18:33

NVD link : CVE-2008-6960

Mitre link : CVE-2008-6960

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

x10media

  • x10_automatic_mp3_script