Info

Disclosure

Mar 08, 2005

Discovery

Jan 01, 2001

Dates

Exploit

Mar 08, 2005

Solution

Unknown

Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'license.php' script directly, which will disclose the installation path resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

PHP Arena

paFileDB

3.1

References

Security Tracker: 1013405 1013425
Secunia Advisory ID: 11489
Related OSVDB ID: 14967 14968 14969 14970 14971 14973 14974 14975 14976 14977 15033 5695 5696
CVE ID: 2005-0724 (see also: NVD) 2005-0780 (see also: NVD)
Mail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032287.html
http://marc.theaimsgroup.com/?l=bugtraq&m=111066293914977&w=2
Vendor URL: http://www.phparena.net/pafiledb.php

Credit

sp3x -

Direct URL: http://osvdb.org/36218