Vulnerabilities > CVE-2005-0781 - SQL Injection And Cross-Site Scripting vulnerability in PAFileDB

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

php-arena

nessus

exploit available

NVD

Published: 2005-05-02

Updated: 2017-07-11

Summary

SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.

Vulnerable Configurations

Part	Description	Count
Application	Php_Arena PHP Arena Pafiledb 1.1.3 PHP Arena Pafiledb 2.1.1 PHP Arena Pafiledb 3.0 PHP Arena Pafiledb 3.0_Beta_3.1 PHP Arena Pafiledb 3.1	5

Exploit-Db

description	PAFileDB 1.1.3/2.1.1/3.0/3.1 category.php start Parameter SQL Injection. CVE-2005-0781. Webapps exploit for php platform
id	EDB-ID:25214
last seen	2016-02-03
modified	2005-03-12
published	2005-03-12
reporter	[email protected]
source	https://www.exploit-db.com/download/25214/
title	PAFileDB 1.1.3/2.1.1/3.0/3.1 category.php start Parameter SQL Injection

Nessus

NASL family	CGI abuses
NASL id	PAFILEDB_MULTIPLE_VULNS.NASL
description	The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	17329
published	2005-03-15
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17329
title	paFileDB <= 3.1 Multiple Vulnerabilities (2)

NASL family	CGI abuses
NASL id	PAFILEDB_CMD_EXEC.NASL
description	The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	11806
published	2003-07-24
reporter	This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/11806
title	paFileDB <= 3.1 Multiple Vulnerabilities (1)

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References