Lucene search

[email protected]CVE-2004-1974

HistoryApr 27, 2004 - 4:00 a.m.

CVE-2004-1974

2004-04-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

pafiledb

information disclosure

remote attack

php files

error message

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.2%

JSON

paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message.

CPENameOperatorVersion
php_arena:pafiledbphp arena pafiledbeq3.1

CPE	Name	Operator	Version
php_arena:pafiledb	php arena pafiledb	eq	3.1

References

marc.info/?l=bugtraq&m=108311096022485&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/15990

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.2%

JSON