Sensitive Information Disclosure in paFileDB 3.1 via Direct Request

Sensitive Information Disclosure in paFileDB 3.1 via Direct Request

CVE-2004-1974 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message.

Learn more about our Web Application Penetration Testing UK.