Sensitive Information Disclosure in paFileDB 3.1 via Direct Request
CVE-2004-1974 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message.
Learn more about our Web Application Penetration Testing UK.