CVE-2013-3564

MEDIUM

VLC media player < 2.0.7 - Unauthenticated Exposure of Sensitive Information via Web Interface

Title source: llm
STIX 2.1

Description

The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.

References (1)

Core 1
Core References

Scores

CVSS v3 5.3
EPSS 0.0111
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
videolan/vlc_media_player < 2.0.7
Published Feb 06, 2020
Tracked Since Feb 18, 2026