N/A

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.

N/A

N/A

paFileDB 信息泄露漏洞

paFileDB 3.1及更早版本使得远程攻击者可以通过(1)传给pafiledb.php的无效str参数，或者直接请求(2)viewall.php，(3)stats.php，(4)search.php，(5)rate.php，(6)main.php，(7)license.php，(8)category.php，(9)download.php，(10)file.php，(11)email.php或(12)admin.php，造成系统在PHP错误信息中泄露路径，从而获取敏感信息。

N/A

N/A