Lucene search

[email protected]CVE-2008-4522

HistoryOct 09, 2008 - 6:14 p.m.

CVE-2008-4522

2008-10-0918:14:15

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

vulnerability

jmweb

mp3

music

audio

download

script

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.9%

JSON

Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a … (dot dot) in the src parameter to (1) listen.php and (2) download.php.

Affected configurations

NVD

Node

jesse-webjmweb_mp3_music_audio_search_and_download_script

CPENameOperatorVersion
jesse-web:jmweb_mp3_music_audio_search_and_download_scriptjesse-web jmweb mp3 music audio search and download scripteq*

CPE	Name	Operator	Version
jesse-web:jmweb_mp3_music_audio_search_and_download_script	jesse-web jmweb mp3 music audio search and download script	eq	*

References

secunia.com/advisories/32141

securityreason.com/securityalert/4386

www.securityfocus.com/bid/31573

exchange.xforce.ibmcloud.com/vulnerabilities/45672

www.exploit-db.com/exploits/6669

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2008-4522

cvelist1 prion1 nvd1