Path Traversal in Xbmc Media Center
CVE-2012-10024
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.648 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Xbmc Media Center — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (patch)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2012-10024?
- CVE-2012-10024 is a vulnerability in Xbmc Media Center, classified under Path Traversal. Published 2025-08-05.
- Is CVE-2012-10024 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.