paFileDB pafiledb.php Installation Path Disclosure

2005-03-08T00:00:00
ID OSVDB:5696
Type osvdb
Reporter sp3x(sp3x@securityreason.com)
Modified 2005-03-08T00:00:00

Description

Vulnerability Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'pafiledb.php' script directly, which will disclose the installation path resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'pafiledb.php' script directly, which will disclose the installation path resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/[pafiledb_dir]/pafiledb.php?str=[something]

References:

Vendor URL: http://www.phparena.net/pafiledb.php Security Tracker: 1013425 Security Tracker: 1013405 Secunia Advisory ID:11489 Related OSVDB ID: 14967 Related OSVDB ID: 14973 Related OSVDB ID: 14686 Related OSVDB ID: 14684 Related OSVDB ID: 14969 Related OSVDB ID: 14970 Related OSVDB ID: 14971 Related OSVDB ID: 14974 Related OSVDB ID: 15033 Related OSVDB ID: 14968 Related OSVDB ID: 14687 Related OSVDB ID: 5695 Related OSVDB ID: 14972 Related OSVDB ID: 14975 Related OSVDB ID: 14976 Related OSVDB ID: 14977 Related OSVDB ID: 14688 Mail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032287.html