Vulnerability Details CVE-2015-8309
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.7%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.fomori.org/cherrymusic/Changes.html
- http://www.securityfocus.com/bid/97149
- https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
- https://github.com/devsnd/cherrymusic/issues/598
- https://www.exploit-db.com/exploits/40361/
- http://www.fomori.org/cherrymusic/Changes.html
- http://www.securityfocus.com/bid/97149
- https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
- https://github.com/devsnd/cherrymusic/issues/598
- https://www.exploit-db.com/exploits/40361/
Products affected by CVE-2015-8309
-
cpe:2.3:a:fomori:cherrymusic:0.35.2