CVE-2007-5732

eLouai Force Download - Path Traversal via File Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not followed the vendor recommendations that this product should only be used internally.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39011
Various Sources x_refsource_misc
http://elouai.com/force-download.php
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3321
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482679/100/0/threaded

Scores

EPSS 0.0150
EPSS Percentile 71.3%

Details

CWE
CWE-22
Status published
Products (1)
elouai/force_download
Published Oct 30, 2007
Tracked Since Feb 18, 2026