Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jesse-web jmweb mp3 music audio search and download script |