PT-2004-2871 · Pafiledb · Pafiledb

Darkbicho · Published 2004-04-27 · Updated 2017-07-11 · CVE-2004-1974

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

paFileDB version 3.1

Description

The issue allows remote attackers to gain sensitive information via a direct request to various API endpoints, including "login.php", "category.php", "search.php", "main.php", "viewall.php", "download.php", "email.php", "file.php", "rate.php", or "stats.php". These endpoints reveal the path in an error message, potentially exposing sensitive information.

Recommendations

For paFileDB version 3.1, consider restricting access to the mentioned API endpoints until a patch is available. As a temporary workaround, disable the display of error messages that reveal sensitive path information.

Fix

Related identifiers

CVE-2004-1974

Affected products

Pafiledb