Vulnerability Details CVE-2015-8309
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 93.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.fomori.org/cherrymusic/Changes.html
- http://www.securityfocus.com/bid/97149
- https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
- https://github.com/devsnd/cherrymusic/issues/598
- https://www.exploit-db.com/exploits/40361/
- http://www.fomori.org/cherrymusic/Changes.html
- http://www.securityfocus.com/bid/97149
- https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
- https://github.com/devsnd/cherrymusic/issues/598
- https://www.exploit-db.com/exploits/40361/
Products affected by CVE-2015-8309
-
cpe:2.3:a:fomori:cherrymusic:0.35.2