CVE-2008-6960
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
12/08/2009
Last modified:
29/09/2017
Description
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page