CVE-2012-10024

XBMC ≤ 11.0 Web Server Path Traversal

Description

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.

INFO

Published Date :

2025-08-05T20:07:06.342Z

Last Modified :

2025-08-05T20:49:10.563Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10024 vulnerability.

Vendors	Products
Xbmc	Xbmc

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10024.

URL	Resource
https://github.com/xbmc/xbmc
https://github.com/xbmc/xbmc/commit/bdff099c024521941cb0956fe01d99ab52a65335
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/gather/xbmc_traversal.rb
https://www.ioactive.com/wp-content/uploads/pdfs/Security_Advisory_XBMC.pdf
https://www.vulncheck.com/advisories/xbmc-web-server-path-traversal

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability