nvd-json-data-feeds/CVE-2008/CVE-2008-69xx/CVE-2008-6960.json

{
  "id": "CVE-2008-6960",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2009-08-12T10:30:01.063",
  "lastModified": "2017-09-29T01:33:27.213",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php."
    },
    {
      "lang": "es",
      "value": "download.php en X10media x10 Automatic Mp3 Search Engine Script v1.5.5 a la v1.6, permite a atacantes remotos la lectura de archivos de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"url\" codificado, como se demostr\u00f3 obteniendo las credenciales de la base de datos desde includes/constants.php."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03C9233-19C5-40D0-A908-4591C9EDE6D6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D04A0-F42E-4DD5-9B91-1A44C59D4927"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/32227",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://www.vupen.com/english/advisories/2008/3062",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46489",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.exploit-db.com/exploits/7074",
      "source": "cve@mitre.org"
    }
  ]
}