Vulnerability Description
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vlad Leont | Fd Script | 1.3 |
References
- http://osvdb.org/33001
- http://secunia.com/advisories/23947Vendor Advisory
- http://securityreason.com/securityalert/2197
- http://www.securityfocus.com/archive/1/458231/100/0/threaded
- http://www.securityfocus.com/bid/22265Exploit
- http://www.vupen.com/english/advisories/2007/0383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31915
- http://osvdb.org/33001
- http://secunia.com/advisories/23947Vendor Advisory
- http://securityreason.com/securityalert/2197
- http://www.securityfocus.com/archive/1/458231/100/0/threaded
- http://www.securityfocus.com/bid/22265Exploit
- http://www.vupen.com/english/advisories/2007/0383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31915
FAQ
What is CVE-2007-0620?
CVE-2007-0620 is a vulnerability with a CVSS score of 5.0 (MEDIUM). download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname pa...
How severe is CVE-2007-0620?
CVE-2007-0620 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0620?
Check the references section above for vendor advisories and patch information. Affected products include: Vlad Leont Fd Script.