CVE-2013-3564
MEDIUMVLC media player < 2.0.7 - Unauthenticated Exposure of Sensitive Information via Web Interface
Title source: llmDescription
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt
Scores
CVSS v3
5.3
EPSS
0.0111
EPSS Percentile
62.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
videolan/vlc_media_player
< 2.0.7
Published
Feb 06, 2020
Tracked Since
Feb 18, 2026