Info

Disclosure

Apr 27, 2004

Discovery

Jan 01, 2001

Dates

Exploit

Apr 27, 2004

Solution

Unknown

Description

paFileDB contains a flaw that may lead to an unauthorized information disclosure. The problem is that the 'login.php' script does not properly validate user-supplied input, which may allow a remote attacker to disclose the installation path resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

PHP Arena

paFileDB

3.1

References

Secunia Advisory ID: 11489
ISS X-Force ID: 15990 19175
CVE ID: 2004-1974 (see also: NVD) 2005-0326 (see also: NVD) 2005-0780 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0342.html
http://marc.theaimsgroup.com/?l=bugtraq&m=108311096022485&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=111066293914977&w=2
Vendor URL: http://www.phparena.net/pafiledb.php

Credit

Pedram Hayati - pi3chyahoo.com -

Direct URL: http://osvdb.org/36218