CVE-2005-0782 - SQL Injection And Cross-Site Scripting vulnerability in PAFileDB
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
description: PAFileDB 1.1.3/2.1.1/3.0/3.1 viewall.php start Parameter XSS. CVE-2005-0782. Webapps exploit for php platform
id: EDB-ID:25215
last seen: 2016-02-03
modified: 2005-03-12
published: 2005-03-12
reporter: [email protected]
source: https://www.exploit-db.com/download/25215/
title: PAFileDB 1.1.3/2.1.1/3.0/3.1 viewall.php start Parameter XSS

description: PAFileDB 1.1.3/2.1.1/3.0/3.1 category.php start Parameter XSS. CVE-2005-0782. Webapps exploit for php platform
id: EDB-ID:25216
last seen: 2016-02-03
modified: 2005-03-12
published: 2005-03-12
reporter: [email protected]
source: https://www.exploit-db.com/download/25216/
title: PAFileDB 1.1.3/2.1.1/3.0/3.1 category.php start Parameter XSS
Nessus
NASL family: CGI abuses
NASL id: PAFILEDB_MULTIPLE_VULNS.NASL
description: The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17329
published: 2005-03-15
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17329
title: paFileDB <= 3.1 Multiple Vulnerabilities (2)

NASL family: CGI abuses
NASL id: PAFILEDB_CMD_EXEC.NASL
description: The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11806
published: 2003-07-24
reporter: This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/11806
title: paFileDB <= 3.1 Multiple Vulnerabilities (1)