CVE-2008-6960

high

Description

download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.

References

https://www.exploit-db.com/exploits/7074

https://exchange.xforce.ibmcloud.com/vulnerabilities/46489

http://www.vupen.com/english/advisories/2008/3062

http://secunia.com/advisories/32537

Details

Source: Mitre, NVD

Published: 2009-08-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.06552