Vulnerabilities > CVE-2005-0327 - Remote Security vulnerability in PHP Arena Pafiledb 3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family CGI abuses NASL id PAFILEDB_MULTIPLE_VULNS.NASL description The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17329 published 2005-03-15 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17329 title paFileDB <= 3.1 Multiple Vulnerabilities (2) NASL family CGI abuses NASL id PAFILEDB_CMD_EXEC.NASL description The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. last seen 2020-06-01 modified 2020-06-02 plugin id 11806 published 2003-07-24 reporter This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11806 title paFileDB <= 3.1 Multiple Vulnerabilities (1)