CVE-2004-1974

paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message.

Published: Apr 27, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1974
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_arena / pafiledb	3.1	3.1.x

http://marc.info/?l=bugtraq&m=108311096022485&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15990

Vulnerability Database

289,871

CVE-2004-1974