download.php in FD Script 1.3.2 and previous versions allows remote malicious users to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vlad leont fd script 1.3.2 |
||
vlad leont fd script 1.3 |
||
vlad leont fd script 1.3.1 |