Security Advisory

CVE-2007-0620

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-01-31 11:00:00

Last updated 2024-08-07 12:26:54

Assigner mitre

State PUBLISHED

Description

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

← Browse all CVEs View on cve.org ↗