Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Sockso Music Host Server Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in Sockso Music Host Server versions through 1.5. This flaw allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. The issue arises in the HTTP interface on port 4444, where the /file/ endpoint fails to properly sanitize user-supplied input. As a result, attackers can traverse directories and access sensitive files outside the intended web root.

Impact

Exploitation of this vulnerability allows for arbitrary file reading from the server's filesystem, which could lead to the disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a GET request to the /file/ endpoint on port 4444 with directory traversal sequences (such as '../') in the file path. The server returns the specified file. For example, requesting 'windows/system.ini' through the traversal downloads that file.
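A defender-side check for this issue, added here as an example and not Sockso's own code: it parses constructed access-log lines (the log format is an assumption) and flags requests to the /file/ endpoint whose percent-decoded, normalized path resolves outside /file/, without tripping on a filename that merely contains '..'.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed log shape for this example: "<client> <method> <path> <status>".
LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

ENDPOINT = "/file/"


def escapes_file_endpoint(raw_path: str) -> bool:
    """True if a request to Sockso's /file/ endpoint resolves outside /file/."""
    path = raw_path.split("?", 1)[0]
    # Decode until stable so the check sees the form the server would act on.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Sockso runs on Windows too (the advisory's example is windows/system.ini).
    path = path.replace("\\", "/")
    if not path.startswith(ENDPOINT):
        return False  # not the endpoint this advisory concerns
    # normpath collapses '.' and '..' segments; a contained path keeps its prefix.
    # The trailing slash makes "/file" (from "/file/") compare as contained.
    normalized = posixpath.normpath(path) + "/"
    return not normalized.startswith(ENDPOINT)


def flag_traversal(lines):
    """Return (client, path) for every parsed line that escapes /file/."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and escapes_file_endpoint(m["path"]):
            flagged.append((m["client"], m["path"]))
    return flagged


# Constructed sample lines; only the third one is a traversal attempt.
SAMPLE_LOG = [
    "10.0.0.5 GET /file/1234 200",
    "10.0.0.5 GET /file/track..mp3 200",
    "10.0.0.9 GET /file/../../windows/system.ini 200",
]

if __name__ == "__main__":
    for client, path in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```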

Remediation

Users are advised to upgrade to Sockso version 1.5.1, which addresses the directory traversal vulnerability.

Added: Aug 20, 2025, 4:21 PM
Updated: Aug 20, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 9.4
remediation: 7.7
relevance: 0.4
threat: 9.1
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.