Lucene search

[email protected]CVE-2005-0724

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0724

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

pafiledb

security

cve-2005-0724

sensitive information disclosure

php files

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.

CPENameOperatorVersion
php_arena:pafiledbphp arena pafiledble3.1

CPE	Name	Operator	Version
php_arena:pafiledb	php arena pafiledb	le	3.1

References

marc.info/?l=bugtraq&m=111031801802851&w=2

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2005-0724

nessus2