Info

Disclosure

Apr 27, 2004

Discovery

Jan 01, 2001

Dates

Exploit

Apr 27, 2004

Solution

Unknown

Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'search.php' script directly, which will disclose the installation path resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

PHP Arena

paFileDB

3.1

References

Secunia Advisory ID: 11489
Related OSVDB ID: 14967 14968 14970 14971 14972 14973 14974 14975 14976 14977 15033 5695 5696
ISS X-Force ID: 15990
CVE ID: 2004-1974 (see also: NVD) 2005-0724 (see also: NVD)
Mail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032287.html
http://marc.theaimsgroup.com/?l=bugtraq&m=108311096022485&w=2
Vendor URL: http://www.phparena.net/pafiledb.php

Credit

sp3x -

Direct URL: http://osvdb.org/14969