CVE-2008-6960

EUVD-2008-6919
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
x10mediax10_automatic_mp3_script
1.5.5
x10mediax10_automatic_mp3_script
1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/49797
http://secunia.com/advisories/32537
http://www.securityfocus.com/bid/32227
http://www.vupen.com/english/advisories/2008/3062
https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
https://www.exploit-db.com/exploits/7074
http://osvdb.org/49797
http://secunia.com/advisories/32537
http://www.securityfocus.com/bid/32227
http://www.vupen.com/english/advisories/2008/3062
https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
https://www.exploit-db.com/exploits/7074