Vulnerabilities > CVE-2005-0723 - Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

php-arena

nessus

NVD

Published: 2005-03-08

Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.

Vulnerable Configurations

Part	Description	Count
Application	Php_Arena PHP Arena Pafiledb 3.1	1

Nessus

NASL family	CGI abuses
NASL id	PAFILEDB_MULTIPLE_VULNS.NASL
description	The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	17329
published	2005-03-15
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17329
title	paFileDB <= 3.1 Multiple Vulnerabilities (2)

NASL family	CGI abuses
NASL id	PAFILEDB_CMD_EXEC.NASL
description	The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	11806
published	2003-07-24
reporter	This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/11806
title	paFileDB <= 3.1 Multiple Vulnerabilities (1)

References

http://marc.info/?l=bugtraq&m=111031801802851&w=2