CVE-2008-6960 Information
Description
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter as demonstrated by obtaining database credentials from includes/constants.php.
Reference
http://osvdb.org/49797 http://secunia.com/advisories/32537 http://www.securityfocus.com/bid/32227 http://www.vupen.com/english/advisories/2008/3062 https://exchange.xforce.ibmcloud.com/vulnerabilities/46489 x10automaticmp3-url-info-disclosure(46489) https://www.exploit-db.com/exploits/7074 download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter as demonstrated by obtaining database credentials from includes/constants.php.
Share on: