
CVE-2007-0620

Published: 31/01/2007 Updated: 16/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

download.php in FD Script 1.3.2 and earlier allows remote attackers to read the source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

Vulnerable Product

vlad leont fd script 1.3.2

vlad leont fd script 1.3

vlad leont fd script 1.3.1

Exploits

source: www.securityfocus.com/bid/22265/info

FD Script is prone to an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtaine ...

*******************************************************************************
# Title   : FdScript <= v1.3.2 Remote File Disclosure Vulnerability
# Author  : ajann
# Contact : :(
# Site    : studusvro/~vlad_l/
# $$      : Free
*******************************************************************************
[[SOURCE]]]----------- ...