Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6960

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6960
Last Modified 18 Aug 2009 12:00:00
Published 12 Aug 2009 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6960

Summary

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

Vulnerable Systems

Application

  • X10media X10 Automatic Mp3 Script 1.5.5

  • X10media X10 Automatic Mp3 Script 1.6


References

XF - x10automaticmp3-url-info-disclosure(46489)

VUPEN - ADV-2008-3062

BID - 32227

MILW0RM - 7074

SECUNIA - 32537

OSVDB - 49797


Last Updated: 27 May 2016 10:49:24