CVE-2008-6960

Sažetak

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

Reference

http://osvdb.org/49797
http://secunia.com/advisories/32537
http://www.securityfocus.com/bid/32227
http://www.vupen.com/english/advisories/2008/3062
https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
https://www.exploit-db.com/exploits/7074

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-09-2017 - 01:33

Objavljeno

12-08-2009 - 10:30