2005-03-12 05:00:00
mitre
PUBLISHED
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.