Vulnerabilities > X10Media > X10 Automatic MP3 Script > 1.5.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-12 | CVE-2008-6960 | Permissions, Privileges, and Access Controls vulnerability in X10Media X10 Automatic MP3 Script 1.5.5/1.6 download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php. | 5.0 |
2008-09-24 | CVE-2008-4141 | Code Injection vulnerability in X10Media .X10 Automatic MP3 Script 1.5.5 Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php. | 7.5 |