CVE-2007-0620

CVE-2007-0620 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

Learn more about our Web App Pen Testing.