A vulnerability has been identified in FD Script, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This flaw is due to an input validation error in the "download.php" script that does not validate the "fname" parameter before being passed to a "readfile()" call, which could be exploited by malicious users to access and read the contents of arbitrary files.
Vulnerable Products
Vulnerable Software: FD Script version 1.3.2 and prior
