{"api_version":"1","generated_at":"2026-04-25T08:59:57+00:00","cve":"CVE-2008-6960","urls":{"html":"https://cve.report/CVE-2008-6960","api":"https://cve.report/api/cve/CVE-2008-6960.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-6960","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-6960"},"summary":{"title":"CVE-2008-6960","description":"download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-08-12 10:30:01","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46489","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46489","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/3062","name":"http://www.vupen.com/english/advisories/2008/3062","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32537","name":"http://secunia.com/advisories/32537","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"x10 Automatic MP3 Script \"url\" File Disclosure Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/32227","name":"http://www.securityfocus.com/bid/32227","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"x10 Automatic MP3 Script 'url' Parameter File Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://osvdb.org/49797","name":"http://osvdb.org/49797","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/7074","name":"https://www.exploit-db.com/exploits/7074","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-6960","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6960","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"6960","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x10media","cpe5":"x10_automatic_mp3_script","cpe6":"1.5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"6960","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x10media","cpe5":"x10_automatic_mp3_script","cpe6":"1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T11:49:02.466Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"7074","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/7074"},{"name":"32227","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/32227"},{"name":"32537","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32537"},{"name":"ADV-2008-3062","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/3062"},{"name":"x10automaticmp3-url-info-disclosure(46489)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46489"},{"name":"49797","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/49797"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-11-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"7074","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/7074"},{"name":"32227","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/32227"},{"name":"32537","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32537"},{"name":"ADV-2008-3062","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/3062"},{"name":"x10automaticmp3-url-info-disclosure(46489)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46489"},{"name":"49797","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/49797"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-6960","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"7074","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/7074"},{"name":"32227","refsource":"BID","url":"http://www.securityfocus.com/bid/32227"},{"name":"32537","refsource":"SECUNIA","url":"http://secunia.com/advisories/32537"},{"name":"ADV-2008-3062","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/3062"},{"name":"x10automaticmp3-url-info-disclosure(46489)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46489"},{"name":"49797","refsource":"OSVDB","url":"http://osvdb.org/49797"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-6960","datePublished":"2009-08-12T10:00:00.000Z","dateReserved":"2009-08-11T00:00:00.000Z","dateUpdated":"2024-08-07T11:49:02.466Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-08-12 10:30:01","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x10media:x10_automatic_mp3_script:1.5.5:*:*:*:*:*:*:*","matchCriteriaId":"D03C9233-19C5-40D0-A908-4591C9EDE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:x10media:x10_automatic_mp3_script:1.6:*:*:*:*:*:*:*","matchCriteriaId":"360D04A0-F42E-4DD5-9B91-1A44C59D4927"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"6960","Ordinal":"1","Title":"CVE-2008-6960","CVE":"CVE-2008-6960","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"6960","Ordinal":"1","NoteData":"download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.","Type":"Description","Title":"CVE-2008-6960"},{"CveYear":"2008","CveId":"6960","Ordinal":"2","NoteData":"2009-08-12","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"6960","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}