CVE-2015-8309

MEDIUM

Cherry Music <0.36.0 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

Exploits (1)

exploitdb WORKING POC VERIFIED
by feedersec · pythonwebappsphp
https://www.exploit-db.com/exploits/40361

References (5)

Scores

CVSS v3 4.3
EPSS 0.0656
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-22
Status published

Affected Products (3)

fomori/cherrymusic < 0.35.2
pypi/CherryMusic < 0.36.0PyPI
n/a/n/a

Timeline

Published Mar 27, 2017
Tracked Since Feb 18, 2026