| VID | 21516 |
| Severity | 20 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
paFileDB is affected by an installation path disclosure vulnerability. paFileDB is a Web-based file download management program developed by PHP Arena that uses a MySQL database. In paFileDB version 3.1, a remote attacker can trigger an error message that discloses the installation path. A malformed request sent to one of the scripts 'admins.php', 'category.php', or 'team.php' returns an error message that includes the installation path of paFileDB.
* References: http://echo.or.id/adv/adv09-y3dips-2004.txt, http://www.securitytracker.com/alerts/2004/Dec/1012421.html
* Platforms Affected: PHP Arena paFileDB 3.1; Linux (any version); Microsoft Windows (any version); Unix (any version) |
| Recommendation |
No upgrade or patch available as of March 2005.
Upgrade to a new version of paFileDB (3.2 or later) when a version that fixes this problem becomes available from the PHP Arena Web site at http://www.phparena.net/ |
| Related URL | (CVE) |
| Related URL | 11817 (SecurityFocus) |
| Related URL | 18365 (ISS) |