NuytsTech Security

CVE-2007-0620

by ·

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

Date published : 2007-01-31

http://www.securityfocus.com/bid/22265

http://www.securityfocus.com/archive/1/458231/100/0/threaded

Tags: