CVE-2005-0326

pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0326
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_arena / pafiledb	3.1	3.1.x

http://marc.info/?l=bugtraq&m=110720365923818&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19175

Vulnerability Database

289,697

CVE-2005-0326