CVE-2007-0620 - Information Disclosure vulnerability in Vlad Leont FD Script 1.3/1.3.1/1.3.2

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, vlad-leont, exploit available

Summary

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

Vulnerable Configurations

Part: Application
Description: Vlad_Leont
Count: 3

Exploit-Db

description: FD Script 1.3.x FName Parameter Information Disclosure Vulnerability. CVE-2007-0620. Webapps exploit for php platform
id: EDB-ID:29530
last seen: 2016-02-03
modified: 2007-01-26
published: 2007-01-26
reporter: ajann
source: https://www.exploit-db.com/download/29530/
title: FD Script 1.3.x FName Parameter Information Disclosure Vulnerability