Vulnerabilities > CVE-2005-0475 - SQL-Injection vulnerability in PHP Arena Pafaq Beta4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description paFaq beta4 question.php Multiple Parameter SQL Injection. CVE-2005-0475. Webapps exploit for php platform id EDB-ID:25114 last seen 2016-02-03 modified 2005-02-17 published 2005-02-17 reporter pi3ch source https://www.exploit-db.com/download/25114/ title paFaq beta4 question.php Multiple Parameter SQL Injection description paFaq beta4 search.php search_item Parameter SQL Injection. CVE-2005-0475. Webapps exploit for php platform id EDB-ID:25116 last seen 2016-02-03 modified 2005-02-17 published 2005-02-17 reporter pi3ch source https://www.exploit-db.com/download/25116/ title paFaq beta4 - search.php search_item Parameter SQL Injection description paFaq beta4 answer.php offset Parameter SQL Injection. CVE-2005-0475. Webapps exploit for php platform id EDB-ID:25115 last seen 2016-02-03 modified 2005-02-17 published 2005-02-17 reporter pi3ch source https://www.exploit-db.com/download/25115/ title paFaq beta4 answer.php offset Parameter SQL Injection
Nessus
NASL family | CGI abuses |
NASL id | PAFAQ_10B4.NASL |
description | The remote host is running paFAQ, a web-based FAQ system implemented in PHP / MySQL. The installed version of paFAQ on the remote host suffers from several vulnerabilities. Among the more serious are a SQL injection vulnerability that enables an attacker to bypass admin authentication and a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18535 |
published | 2005-06-21 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18535 |
title | paFAQ 1.0 Beta 4 Multiple Vulnerabilities |
code |
|