CVE-2005-0724 Information

Description

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php or a direct request to (2) viewall.php (3) stats.php (4) search.php (5) rate.php (6) main.php (7) license.php (8) category.php (9) download.php (10) file.php (11) email.php or (12) admin.php which reveals the path in a PHP error message.

Reference

http://marc.info/?l=bugtraq&m=111031801802851&w=2