CVE-2008-6960

Published: Aug 12, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

Affected (2)

Products: X10media: X10 Automatic Mp3 Script

X10media

1 product

X10 Automatic Mp3 Script

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
X10media X10 Automatic Mp3 Script	Version 1.5.5
X10media X10 Automatic Mp3 Script	Version 1.6

Related CWEs

CWE-264

References (12)

http://osvdb.org/49797

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/32537

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/32227

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2008/3062

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/46489

Source: cve@mitre.org

https://www.exploit-db.com/exploits/7074

Source: cve@mitre.org

http://osvdb.org/49797