Detections
Analytics

PAFileDB Multiple Script Error Message Path Disclosure

medium Nessus Plugin ID 15909

Synopsis

The remote web server contains a PHP script that is affected by an information disclosure issue.

Description

There is a flaw in the remote version of paFileDB that may let an attacker obtain the physical path of the remote installation by sending a malformed request to one of the scripts 'admins.php', 'category.php', or 'team.php'. This information may help an attacker make more focused attacks against the remote host.

Solution

Unknown at this time.

See Also

https://marc.info/?l=bugtraq&m=110245123927025&w=2

Plugin Details

Severity: Medium

ID: 15909

File Name: pafiledb_path_disclosure.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 12/6/2004

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/pafiledb

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/4/2004

Reference Information

BID: 11817