CVE-2007-5732

Name of the Vulnerable Software and Affected Versions eLouai's Force Download of media files script versions 20071030 and earlier

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files via the file parameter in the "downloadfile.php" script. This issue is notable in environments where the system administrator has not followed vendor recommendations to use the product only internally.

Recommendations For versions 20071030 and earlier, consider restricting access to the "downloadfile.php" script until a fix is available, and ensure the product is used only internally as recommended by the vendor.