Description
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
Exploits (1)
References (6)
Core 6
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7074
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32227
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32537
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3062
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46489
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/49797
Scores
EPSS
0.0655
EPSS Percentile
91.2%
Details
CWE
CWE-264
Status
published
Products (2)
x10media/x10_automatic_mp3_script
1.5.5
x10media/x10_automatic_mp3_script
1.6
Published
Aug 12, 2009
Tracked Since
Feb 18, 2026