CVE-2008-4174

Dynamic MP3 Lister 2.0.1 - Cross-Site Scripting via currentpath invert search or sort Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4174. PoCs published by Xylitol.

AI-analyzed exploit summary The exploit describes multiple XSS vulnerabilities in Dynamic MP3 Lister due to insufficient sanitization of user-supplied input in parameters like 'currentpath', 'sort', 'invert', and 'search'. It provides example URLs demonstrating the vulnerability but does not include executable code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Xylitol · textwebappsphp
https://www.exploit-db.com/exploits/32364

The exploit describes multiple XSS vulnerabilities in Dynamic MP3 Lister due to insufficient sanitization of user-supplied input in parameters like 'currentpath', 'sort', 'invert', and 'search'. It provides example URLs demonstrating the vulnerability but does not include executable code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Dynamic MP3 Lister 2.0.1
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0809-exploits/dynamicmp3-xss.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45111
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31151

Scores

EPSS 0.0192
EPSS Percentile 83.6%

Details

CWE
CWE-79
Status published
Products (1)
benjamin_kuz/dynamic_mp3_lister 2.0.1
Published Sep 23, 2008
Tracked Since Feb 18, 2026