paFileDB login.php Installation Path Disclosure

2004-04-27T00:00:00
ID OSVDB:15033
Type osvdb
Reporter Pedram Hayati(pi3ch@yahoo.com)
Modified 2004-04-27T00:00:00

Description

Vulnerability Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The problem is that the 'login.php' script does not properly validate user-supplied input, which may allow a remote attacker to disclose the installation path resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The problem is that the 'login.php' script does not properly validate user-supplied input, which may allow a remote attacker to disclose the installation path resulting in a loss of confidentiality.

References:

Vendor URL: http://www.phparena.net/pafiledb.php Secunia Advisory ID:11489 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0342.html Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111066293914977&w=2 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108311096022485&w=2 ISS X-Force ID: 15990 ISS X-Force ID: 19175 CVE-2004-1974 CVE-2005-0326 CVE-2005-0780