CVE-2007-0620 - Information Disclosure vulnerability in Vlad Leont FD Script 1.3/1.3.1/1.3.2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-Db
description | FD Script 1.3.x FName Parameter Information Disclosure Vulnerability. CVE-2007-0620. Webapps exploit for php platform |
id | EDB-ID:29530 |
last seen | 2016-02-03 |
modified | 2007-01-26 |
published | 2007-01-26 |
reporter | ajann |
source | https://www.exploit-db.com/download/29530/ |
title | FD Script 1.3.x FName Parameter Information Disclosure Vulnerability |
References
- http://osvdb.org/33001
- http://secunia.com/advisories/23947
- http://securityreason.com/securityalert/2197
- http://www.securityfocus.com/archive/1/458231/100/0/threaded
- http://www.securityfocus.com/bid/22265
- http://www.vupen.com/english/advisories/2007/0383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31915