Energyscripts · Energyscripts (Es) Simple Download · CVE-2010-3456
**Name of the Vulnerable Software and Affected Versions**
EnergyScripts (ES) Simple Download version 1.0
**Description**
A directory traversal vulnerability in the `download.php` file allows remote attackers to read arbitrary files by placing a `..` (dot dot) in the `file` parameter.
**Recommendations**
For EnergyScripts (ES) Simple Download version 1.0, consider restricting access to the download.php file until a fix is available, and avoid using the `file` parameter with untrusted input.