CVE-2015-8309

Опубликовано: 27 мар. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

Ссылки

http://www.fomori.org/cherrymusic/Changes.html
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/97149
https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
Patch
Third Party Advisory
https://github.com/devsnd/cherrymusic/issues/598
Third Party Advisory
https://www.exploit-db.com/exploits/40361/
Exploit
Third Party Advisory
VDB Entry
http://www.fomori.org/cherrymusic/Changes.html
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/97149
https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
Patch
Third Party Advisory
https://github.com/devsnd/cherrymusic/issues/598
Third Party Advisory
https://www.exploit-db.com/exploits/40361/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fomori:cherrymusic:*:*:*:*:*:*:*:*

Версия до 0.35.2 (включая)

EPSS

Процентиль: 91%

0.06564

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-q624-9634-77gh