CVE-2007-0620

{"id": "CVE-2007-0620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-31T11:28:00.000", "references": [{"url": "http://osvdb.org/33001", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23947", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2197", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/458231/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22265", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0383", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31915", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33001", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23947", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2197", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/458231/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22265", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0383", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31915", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php."}, {"lang": "es", "value": "download.php en el FD Script 1.3.2 y versiones anteriores permite a atacantes remotos leer ficheros fuente bajo el ra\u00edz de los documentos web con ciertas extensiones, inluyendo .php, mediante una ruta relativa en el par\u00e1metro fname, como lo demostrado con la descarga del config.php."}], "lastModified": "2024-11-21T00:26:19.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vlad_leont:fd_script:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6CB914-8A20-4570-A98B-140C565D3AF2"}, {"criteria": "cpe:2.3:a:vlad_leont:fd_script:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FC5F40-F8BA-4921-AA05-9824FC42BEF3"}, {"criteria": "cpe:2.3:a:vlad_leont:fd_script:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EF4A635-D3F2-4552-A4D8-A22D82C2F828"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}