Lucene search

[email protected]CVE-2008-4141

HistorySep 24, 2008 - 5:41 a.m.

CVE-2008-4141

2008-09-2405:41:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-4141

php

remote file inclusion

x10media

automatic mp3 script

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.072 Low

EPSS

Percentile

93.9%

JSON

Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.

CPENameOperatorVersion
x10media:.x10_automatic_mp3_scriptx10media .x10 automatic mp3 scripteq1.5.5

CPE	Name	Operator	Version
x10media:.x10_automatic_mp3_script	x10media .x10 automatic mp3 script	eq	1.5.5

References

packetstormsecurity.org/0809-exploits/x10media-rfi.txt

secunia.com/advisories/31920

securityreason.com/securityalert/4294

www.securityfocus.com/bid/31225

www.vupen.com/english/advisories/2008/2608

exchange.xforce.ibmcloud.com/vulnerabilities/45224

www.exploit-db.com/exploits/6480

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.072 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2008-4141

prion1