PT-2008-5755 · Jmweb · Jmweb Mp3 Music Audio Search/Download Script

Sirgod · Published 2008-10-09 · Updated 2017-09-29 · CVE-2008-4522

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JMweb MP3 Music Audio Search and Download Script (affected versions not specified)

Description

The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by including a .. (dot dot) in the src parameter to API endpoints such as "listen.php" and "download.php".

Recommendations

For JMweb MP3 Music Audio Search and Download Script, restrict access to the "listen.php" and "download.php" API endpoints to minimize the risk of exploitation. Avoid using the src parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2008-4522

Affected Products

Jmweb Mp3 Music Audio Search/Download Script