Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPArena paFileDB session 信息泄露漏洞
Vulnerability Description
paFileDB是一种文件管理脚本。 paFileDB 3.1存在信息泄露漏洞。 当采用session认证且管理员处于登录状态时,远程攻击者可通过访问sessions目录,获取管理员seesion的相关文件,从而得到管理员密码的hash,通过暴力颇觉方式,可能获取管理原帐号密码。
CVSS Information
N/A
Vulnerability Type
N/A