Vlad Leont: Security Vulnerabilities
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
CVSS Score
5.0
EPSS Score
0.141
Published
2007-01-31