CVE-2017-15956
published 2017-10-29

CVE-2017-15956: ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.

Priority: P354 (high)
CVSS 3.0: 7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: yes
EPSS: 4.66% (90.6th percentile)
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.

Affected

1 range

Vendor                                      | Product                            | Version range | Fixed in
--------------------------------------------|------------------------------------|---------------|---------
converto_video_downloader_converter_project | converto_video_downloader_converter |               |

Detection & IOCs (extracted from sources)

path: download.php
url: http://localhost/[PATH]/download.php?mime=video/webm&title=Efe&token=[FILENAME_to_BASE64]
  • Monitor HTTP requests to download.php that carry a 'token' parameter; the token value is the Base64-encoded name of the file to serve, and the script does not restrict it, so an attacker can name and download arbitrary files on the server.
  • Alert on requests to download.php where the 'mime' parameter is set to an unexpected MIME type (e.g., text/plain, application/octet-stream) rather than a legitimate video type; a non-video MIME type suggests an attempt to exfiltrate non-video files.
  • Decode the Base64 value of the 'token' query parameter on requests to download.php; decoded values that resolve to sensitive paths (e.g., /etc/passwd, configuration files) or contain traversal sequences indicate active exploitation.
  • The vulnerable endpoint is download.php within the ConverTo application path; the web root prefix ([PATH]) is installation-dependent and must be adjusted in detection rules accordingly.
  • This vulnerability is reported against version 1.4.1 of ConverTo Video Downloader & Converter; detections should be scoped to installations running this version.
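The detection logic described above, as an added example that is not part of this advisory or of the ConverTo project: it parses Apache combined-format access-log lines (constructed sample lines, not real traffic), keeps only requests to download.php regardless of the installation-dependent [PATH] prefix, Base64-decodes the 'token' parameter, and flags decoded values that contain traversal sequences or name sensitive files, plus any 'mime' value that is not a video type. The list of "sensitive" patterns and the severity ranking are my assumptions, chosen to illustrate the rule, not something taken from the advisory.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format access-log lines (not real traffic). The
# token values are Base64 of "Efe.webm", "../../../etc/passwd" and "config.php";
# the last line carries a token that is not valid Base64 at all.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Oct/2017:10:01:02 +0000] "GET /converto/download.php?mime=video/webm&title=Efe&token=RWZlLndlYm0= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Oct/2017:10:02:15 +0000] "GET /converto/download.php?mime=text/plain&title=x&token=Li4vLi4vLi4vZXRjL3Bhc3N3ZA== HTTP/1.1" 200 2048 "-" "curl/7.55.1"
203.0.113.7 - - [29/Oct/2017:10:02:40 +0000] "GET /converto/download.php?mime=application/octet-stream&title=x&token=Y29uZmlnLnBocA== HTTP/1.1" 200 900 "-" "curl/7.55.1"
198.51.100.2 - - [29/Oct/2017:10:03:00 +0000] "GET /converto/index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Oct/2017:10:04:00 +0000] "GET /converto/download.php?mime=video/mp4&title=y&token=!!!notbase64 HTTP/1.1" 400 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed list of things a video converter should never be asked to serve.
SENSITIVE_RE = re.compile(
    r'(^|[\\/])etc[\\/]|passwd|shadow|\.htaccess|\.env\b|\.ini\b|\.sql\b|\.php\b|config', re.I
)
# "../" or "..\" anywhere in the decoded name, or an absolute path.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)|^[\\/]')

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}


def decode_token(token):
    """Return the filename carried in a token, or None if it is not valid Base64 text."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def analyze_line(line):
    """Return a record for a download.php request (with any alert reasons), else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # The [PATH] prefix is installation-dependent, so match on the script name only.
    if not parts.path.lower().endswith("/download.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    mime = qs.get("mime", [""])[0]
    token = qs.get("token", [""])[0]
    decoded = decode_token(token)

    reasons = []  # (severity, text)
    if decoded is None:
        reasons.append(("low", "token is not valid Base64 (possible probing)"))
    else:
        if TRAVERSAL_RE.search(decoded):
            reasons.append(("high", f"token decodes to a traversal path: {decoded!r}"))
        if SENSITIVE_RE.search(decoded):
            reasons.append(("high", f"token names a sensitive file: {decoded!r}"))
    if not mime.lower().startswith("video/"):
        reasons.append(("medium", f"non-video mime parameter: {mime!r}"))

    severity = max((s for s, _ in reasons), key=SEVERITY_ORDER.get, default=None)
    return {
        "ip": m.group("ip"), "ts": m.group("ts"), "status": int(m.group("status")),
        "mime": mime, "token": token, "decoded": decoded,
        "severity": severity, "reasons": [t for _, t in reasons],
    }


def analyze_log(text):
    """Run analyze_line over every line and keep only the records that raised a reason."""
    alerts = []
    for line in text.splitlines():
        rec = analyze_line(line)
        if rec and rec["reasons"]:
            alerts.append(rec)
    return alerts


if __name__ == "__main__":
    for a in analyze_log(SAMPLE_LOG):
        print(f'{a["severity"]:<6} {a["ip"]:<14} {a["ts"]}  decoded={a["decoded"]!r}')
        for r in a["reasons"]:
            print("       -", r)
```

Run against the constructed log, the benign Efe.webm request produces no alert, the two curl requests are rated high (traversal and/or sensitive filename, plus a non-video MIME type), and the malformed token is surfaced as a low-severity probe rather than crashing the decoder. Matching on the script name alone keeps the rule independent of where the application is deployed under the web root.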

CVSS provenance

NVD v3.0: 7.5 HIGH    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD v2.0: 5.0 MEDIUM  AV:N/AC:L/Au:N/C:P/I:N/A:N