Description
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
References
- Exploit
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*
EPSS
Percentile: 91%
0.06552
Low
5 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
github
more than 3 years ago
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.