Unrated severityNVD Advisory· Published Jan 31, 2007· Updated Jun 16, 2026
CVE-2007-0620
CVE-2007-0620
Description
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:vlad_leont:fd_script:1.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:vlad_leont:fd_script:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:vlad_leont:fd_script:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vlad_leont:fd_script:1.3.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.