CVE-2008-6960 : download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitr

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

Published 2009-08-12 10:30:01

Updated 2017-09-29 01:33:27

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-6960

Probability of exploitation activity in the next 30 days: 4.84%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-6960

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2008-6960

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-6960

Products affected by CVE-2008-6960

X10media » X10 Automatic Mp3 Script » Version: 1.5.5
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*
Matching versions
X10media » X10 Automatic Mp3 Script » Version: 1.6
cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-6960

Exploit prediction scoring system (EPSS) score for CVE-2008-6960

CVSS scores for CVE-2008-6960

CWE ids for CVE-2008-6960

References for CVE-2008-6960

Products affected by CVE-2008-6960