CVE-2007-0620

Name of the Vulnerable Software and Affected Versions FD Script versions 1.3.2 and earlier

Description The issue allows remote attackers to read the source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter. This can be demonstrated by downloading config.php.

Recommendations For FD Script versions 1.3.2 and earlier, avoid using the fname parameter in the download.php file until the issue is resolved. As a temporary workaround, consider restricting access to sensitive files, such as config.php, to minimize the risk of exploitation.