Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Musicco 2.0.0 allows unauthenticated access to sensitive directories
CVE-2018-25181
Summary
Musicco's newest version has a security issue that lets anyone access and download files from your system's directories without needing a password. This is a serious concern because it could let attackers see confidential information or even take control of your system. To stay safe, update Musicco to the latest version to fix this issue.
Original title
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory tr...
Original description
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system directories and download them as ZIP files.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026