Vulnerabilities > CVE-2005-0724 - Information Disclosure vulnerability in paFileDB
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family CGI abuses NASL id PAFILEDB_MULTIPLE_VULNS.NASL description The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17329 published 2005-03-15 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17329 title paFileDB <= 3.1 Multiple Vulnerabilities (2) NASL family CGI abuses NASL id PAFILEDB_CMD_EXEC.NASL description The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. last seen 2020-06-01 modified 2020-06-02 plugin id 11806 published 2003-07-24 reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11806 title paFileDB <= 3.1 Multiple Vulnerabilities (1)