Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pafiledb | Php_arena | 1.1.3 (including) | 1.1.3 (including) |
| Pafiledb | Php_arena | 2.1.1 (including) | 2.1.1 (including) |
| Pafiledb | Php_arena | 3.0 (including) | 3.0 (including) |
| Pafiledb | Php_arena | 3.0_beta_3.1 (including) | 3.0_beta_3.1 (including) |
| Pafiledb | Php_arena | 3.1 (including) | 3.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111885787217807\u0026w=2
- http://www.gulftech.org/?node=research\u0026article_id=00082-06142005
- http://www.phparena.net/
- http://www.phparena.net/pafiledb_patch/
- http://marc.info/?l=bugtraq\u0026m=111885787217807\u0026w=2
- http://www.gulftech.org/?node=research\u0026article_id=00082-06142005
- http://www.phparena.net/
- http://www.phparena.net/pafiledb_patch/