A vulnerability in x10 Automatic MP3 Script, which can be exploited by malicious people to disclose potentially sensitive information.

A vulnerability in x10 Automatic MP3 Script, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "url" parameter in download.php is not properly verified before being used. This can be exploited to e.g. download arbitrary local files.

The vulnerability is reported in version 1.6. Other versions may also be affected.

Edit the source code to ensure that input is properly verified.