CVE-2015-8309
Published 2017-03-27
CVE-2015-8309: Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to…
Priority P3 · 36 · medium · 4.3 CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 6.67% (93.1th percentile)
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fomori | cherrymusic | <= 0.35.2 | — |
| fomori | cherrymusic | >= 0 < 0.36.0 | 0.36.0 |
| fomori | cherrymusic | >= 0 < 62dec34a1ea0741400dd6b6c660d303dcd651e86 | 62dec34a1ea0741400dd6b6c660d303dcd651e86 |
CVSS provenance
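| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |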
GHSA
Cherry Music directory traversal vulnerability
ghsa·2022-05-17
CVE-2015-8309 [MEDIUM] CWE-22 Cherry Music directory traversal vulnerability
OSV
Cherry Music directory traversal vulnerability
osv·2022-05-17
CVE-2015-8309 [MEDIUM] Cherry Music directory traversal vulnerability
OSV
CVE-2015-8309: Directory traversal vulnerability in Cherry Music before 0
osv·2017-03-27
CVE-2015-8309 CVE-2015-8309: Directory traversal vulnerability in Cherry Music before 0
No detection rules found.
No writeups or analysis indexed.
http://www.fomori.org/cherrymusic/Changes.html
http://www.securityfocus.com/bid/97149
https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
https://github.com/devsnd/cherrymusic/issues/598
https://www.exploit-db.com/exploits/40361/
Published: 2017-03-27