{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T10:22:49.643","vulnerabilities":[{"cve":{"id":"CVE-2012-10024","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-05T20:15:33.033","lastModified":"2026-05-26T00:16:42.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files."},{"lang":"es","value":"La versión 11 de XBMC, incluidas las compilaciones hasta la versión nocturna del 4 de noviembre de 2012, contiene una vulnerabilidad de Path traversal en su servidor HTTP integrado. Al acceder mediante autenticación básica HTTP, el servidor no depura correctamente la entrada URI, lo que permite a los usuarios autenticados solicitar archivos fuera de la raíz del documento. Un atacante puede explotar esta vulnerabilidad para leer archivos arbitrarios del sistema de archivos del host, incluyendo archivos confidenciales de configuración o credenciales."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/xbmc/xbmc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/xbmc/xbmc/commit/bdff099c024521941cb0956fe01d99ab52a65335","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/gather/xbmc_traversal.rb","source":"disclosure@vulncheck.com"},{"url":"https://www.ioactive.com/wp-content/uploads/pdfs/Security_Advisory_XBMC.pdf","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/xbmc-web-server-path-traversal","source":"disclosure@vulncheck.com"}]}}]}