Remote File Disclosure in FD Script by FDC Technologies
CVE-2007-0620

Currently unrated

Key Information:

Vendor

Vlad Leont

Status
Fd Script
Vendor
CVE Published:
31 January 2007

What is CVE-2007-0620?

The flaw in FD Script versions 1.3.2 and earlier allows remote attackers to exploit the 'fname' parameter in download.php to access sensitive files within the web server's document root. This vulnerability can lead to unauthorized exposure of files with specific extensions, such as .php, thereby compromising application confidentiality and integrity. It is crucial for users of the affected software version to implement security measures to mitigate this risk and safeguard sensitive data.

References

http://secunia.com/advisories/23947
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/458231/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://osvdb.org/33001
vdb-entryx_refsource_OSVDB

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.