CVE-2012-10061
Sockso Music Host Server <= 1.5 Path Traversal
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the serverβs filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
| CWE | CWE-22 |
| Vendor | sockso project |
| Product | music host server |
| Published | Aug 20, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for sockso project music host server
Be the first to know when new unknown vulnerabilities affecting sockso project music host server are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Sockso Project / Music Host Server
* β€ 1.5
References
web.archive.org: https://web.archive.org/web/20120326095835/http://sockso.pu-gh.com/ raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/sockso_traversal.rb github.com: https://github.com/rodnaph/sockso aluigi.altervista.org: http://aluigi.altervista.org/adv/sockso_1-adv.txt exploit-db.com: https://www.exploit-db.com/exploits/18605 vulncheck.com: https://www.vulncheck.com/advisories/sockso-music-host-server-path-traversal
Credits
Luigi Auriemma