paFileDB category.php Installation Path Disclosure

2004-04-27T00:00:00
ID OSVDB:14973
Type osvdb
Reporter sp3x (sp3x@securityreason.com)
Modified 2004-04-27T00:00:00

Description

Vulnerability Description

paFileDB contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the 'category.php' script is requested directly, which discloses the installation path, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/[pafiledb_dir]/includes/category.php

References:

Vendor URL: http://www.phparena.net/pafiledb.php
Security Tracker: 1012421
Secunia Advisory ID: 11489
Related OSVDB ID: 14967
Related OSVDB ID: 14969
Related OSVDB ID: 14970
Related OSVDB ID: 14971
Related OSVDB ID: 14974
Related OSVDB ID: 15033
Related OSVDB ID: 14968
Related OSVDB ID: 5695
Related OSVDB ID: 5696
Related OSVDB ID: 14972
Related OSVDB ID: 14975
Related OSVDB ID: 14976
Related OSVDB ID: 14977
Other Advisory URL: http://echo.or.id/adv/adv09-y3dips-2004.txt
Mail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032287.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0045.html
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111066293914977&w=2
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108311096022485&w=2
ISS X-Force ID: 15990
CVE-2004-1974
CVE-2005-0724
CVE-2005-0780