CVE-2012-10061
Published 2025-08-20
Priority: P2 · 67 · high · CVSS 4.0: 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.17% (63.4th percentile)
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sockso_project | music_host_server | <= 1.5 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to port 4444 targeting the /file/ endpoint containing directory traversal sequences (e.g., '../') in the path, which are indicative of exploitation attempts against Sockso Music Host Server.
- The traversal vulnerability is only exploitable on Sockso Music Host Server versions 1.5 and below; verify the deployed version before applying detections to avoid false positives on patched instances.
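The monitoring check described above, as an added example (not taken from the page's sources or from the Sockso project). It assumes requests to the port 4444 listener are available as common-log-format lines; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a common/combined log format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap nested percent-encoding


def normalise(target: str) -> str:
    """Percent-decode repeatedly and unify separators so encoded forms compare equal."""
    path = urlsplit(target).path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal_attempt(target: str) -> bool:
    """True when a request under /file/ carries a '..' path segment."""
    path = normalise(target)
    if not path.startswith("/file/"):
        return False
    # Match whole segments only, so file names containing dots are not flagged.
    return ".." in path.split("/")


def scan(lines):
    """Return (line_number, raw request target) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample lines: documentation IP ranges and invented file names.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2025:10:00:01 +0000] "GET /file/12/track.mp3 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [20/Aug/2025:10:00:05 +0000] "GET /file/../../../constructed.txt HTTP/1.1" 200 220',
    '198.51.100.7 - - [20/Aug/2025:10:00:06 +0000] "GET /file/%2e%2e/%2e%2e/constructed.txt HTTP/1.1" 200 220',
    '198.51.100.7 - - [20/Aug/2025:10:00:07 +0000] "GET /file/..%255c..%255cconstructed.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [20/Aug/2025:10:00:09 +0000] "GET /file/7/live..in..berlin.mp3 HTTP/1.1" 200 8192',
    '192.0.2.10 - - [20/Aug/2025:10:00:11 +0000] "GET /browse/folders HTTP/1.1" 200 512',
]
```

Matching on decoded `..` path segments rather than the literal string `../` catches percent-encoded and backslash variants while leaving file names such as `live..in..berlin.mp3` unflagged.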
No detection rules found.
No writeups or analysis indexed.
- http://aluigi.altervista.org/adv/sockso_1-adv.txt
- https://github.com/rodnaph/sockso
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/sockso_traversal.rb
- https://web.archive.org/web/20120326095835/http://sockso.pu-gh.com/
- https://www.exploit-db.com/exploits/18605
- https://www.vulncheck.com/advisories/sockso-music-host-server-path-traversal
Published: 2025-08-20