CVE-2012-10061
published 2025-08-20


Priority: P2 67 · high · 8.7 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.17% (63.4th percentile)
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.

Affected (1 range)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sockso_project | music_host_server | <= 1.5 | |

Detection & IOCs (extracted from sources)

port: 4444
path: /file/
command: ../
  • Monitor HTTP requests to port 4444 targeting the /file/ endpoint containing directory traversal sequences (e.g., '../') in the path, which are indicative of exploitation attempts against Sockso Music Host Server.
  • The traversal vulnerability is only exploitable on Sockso Music Host Server versions 1.5 and below; verify the deployed version before applying detections to avoid false positives on patched instances.
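
One way to implement the monitoring described above, as an added example that is not part of the advisory or the Sockso project: a log scanner that flags requests to /file/ on port 4444 whose path contains a `..` segment, extended here to percent-encoded and backslash forms of the same sequence. The log layout (a combined-style line with the listener port as the last field), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout: combined-log-style line with the listener port as last field.
REQUEST_RE = re.compile(
    r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ (?P<port>\d+)$')
SOCKSO_PORT = 4444      # from the advisory
FILE_PREFIX = "/file/"  # from the advisory

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots/slashes surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(target, port):
    """True when a /file/ request on the Sockso port carries a '..' path segment."""
    if port != SOCKSO_PORT:
        return False
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    if not path.startswith(FILE_PREFIX):
        return False
    return ".." in path[len(FILE_PREFIX):].split("/")

def scan(lines):
    """Return (line_number, target, status) per flagged request; a 200 deserves triage first."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line.strip())
        if match and is_traversal_attempt(match["target"], int(match["port"])):
            hits.append((number, match["target"], int(match["status"])))
    return hits

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2025:10:00:01 +0000] "GET /file/cover.png HTTP/1.1" 200 5120 4444',
    '192.0.2.44 - - [20/Aug/2025:10:00:07 +0000] "GET /file/../../example.txt HTTP/1.1" 200 312 4444',
    '192.0.2.44 - - [20/Aug/2025:10:00:09 +0000] "GET /file/%252e%252e%252fexample.txt HTTP/1.1" 404 0 4444',
    '192.0.2.10 - - [20/Aug/2025:10:00:12 +0000] "GET /file/live..bootleg.mp3 HTTP/1.1" 200 9000 4444',
    '192.0.2.51 - - [20/Aug/2025:10:00:15 +0000] "GET /file/../example.txt HTTP/1.1" 404 0 8080',
]

if __name__ == "__main__":
    for number, target, status in scan(SAMPLE_LOG):
        print(f"line {number}: status {status} target {target}")
```

Matching on whole path segments keeps file names that merely contain two dots from being flagged, and the port check scopes the rule to the Sockso listener.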