RSS   Vulnerabilities for 'Fd script'   RSS

2007-01-31
 
CVE-2007-0620

CWE-Other
 

 
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top