CVE-2005-0780

Name of the Vulnerable Software and Affected Versions paFileDB versions 3.1 and earlier

Description The issue allows remote attackers to obtain sensitive information via a direct request to various PHP files, including "auth.php", "login.php", "category.php", "file.php", "team.php", "license.php", "custom.php", "admins.php", or "backupdb.php". These files can reveal the path in a PHP error message.

Recommendations For paFileDB versions 3.1 and earlier, consider restricting access to the mentioned PHP files, such as "auth.php", "login.php", "category.php", "file.php", "team.php", "license.php", "custom.php", "admins.php", and "backupdb.php", to minimize the risk of exploitation. Additionally, ensure that PHP error messages are properly configured to prevent the disclosure of sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.