Description
Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not followed the vendor recommendations that this product should only be used internally.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39011
Various Sources x_refsource_misc
http://elouai.com/force-download.php
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3321
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482679/100/0/threaded
Scores
EPSS
0.0150
EPSS Percentile
71.3%
Details
CWE
CWE-22
Status
published
Products (1)
elouai/force_download
Published
Oct 30, 2007
Tracked Since
Feb 18, 2026