We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2012-10024

XBMC ≤ 11.0 Web Server Path Traversal



Description

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.

Reserved 2025-08-05 | Published 2025-08-05 | Updated 2025-08-05 | Assigner VulnCheck


HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

*
affected

Credits

Lucas "acidgen" Lundgren finder

References

www.ioactive.com/.../uploads/pdfs/Security_Advisory_XBMC.pdf technical-description exploit

raw.githubusercontent.com/...iliary/gather/xbmc_traversal.rb exploit

github.com/...ommit/bdff099c024521941cb0956fe01d99ab52a65335 patch

github.com/xbmc/xbmc product

www.vulncheck.com/advisories/xbmc-web-server-path-traversal third-party-advisory

cve.org (CVE-2012-10024)

nvd.nist.gov (CVE-2012-10024)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2012-10024

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.