CVE-2007-5732

Published Oct 30, 2007

Last updated 6 years ago

Overview

Description: Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not followed the vendor recommendations that this product should only be used internally.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:elouai:force_download:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A00A5A2-6B5F-4338-82BD-A61B6CD2A647"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References