CVE-2005-0780

paFileDB <= 3.1 - Information Disclosure via Direct Request to Multiple Scripts

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0780. PoCs published by y3dips.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in paFileDB. The vulnerability allows attackers to disclose the installation path by making invalid requests to specific scripts, which return error messages containing the path.

Description

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by y3dips · textwebappsphp

https://www.exploit-db.com/exploits/24798

View Code ZIP pw:eip

This is a writeup describing an information disclosure vulnerability in paFileDB. The vulnerability allows attackers to disclose the installation path by making invalid requests to specific scripts, which return error messages containing the path.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: paFileDB (version not specified)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111066293914977&w=2

Scores

EPSS 0.0514

EPSS Percentile 91.3%

Details

Status published

Products (5)

php_arena/pafiledb 1.1.3

php_arena/pafiledb 2.1.1

php_arena/pafiledb 3.0

php_arena/pafiledb 3.0_beta_3.1

php_arena/pafiledb 3.1

Published Mar 12, 2005

Tracked Since Feb 18, 2026