0xMarcio/cve
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
master
cve/2012/CVE-2012-10061.md

20 lines
1.2 KiB
Markdown
Raw Permalink Normal View History

Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
### [CVE-2012-10061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-10061)
![](https://img.shields.io/static/v1?label=Product&message=Music%20Host%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brightgreen)
### Description
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the servers filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
### POC
#### Reference
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/sockso_traversal.rb
- https://www.exploit-db.com/exploits/18605
- https://www.vulncheck.com/advisories/sockso-music-host-server-path-traversal
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink