Vulnerabilities > CVE-2005-0326 - Information Disclosure vulnerability in PHP Arena Pafiledb 3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family CGI abuses NASL id PAFILEDB_MULTIPLE_VULNS.NASL description The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17329 published 2005-03-15 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17329 title paFileDB <= 3.1 Multiple Vulnerabilities (2) NASL family CGI abuses NASL id PAFILEDB_CMD_EXEC.NASL description The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. last seen 2020-06-01 modified 2020-06-02 plugin id 11806 published 2003-07-24 reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11806 title paFileDB <= 3.1 Multiple Vulnerabilities (1)