Vulnerabilities > PHP Arena > Pafaq > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-06-20 CVE-2005-2014 Local Security vulnerability in PHP Arena Pafaq 1.0Beta4
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
local
low complexity
php-arena
4.6
2005-06-20 CVE-2005-2013 Information Disclosure vulnerability in PHP Arena Pafaq 1.0Beta4
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.
network
low complexity
php-arena
5.0
2005-06-20 CVE-2005-2011 Cross-Site Scripting vulnerability in PHP Arena Pafaq 1.0Beta4
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
network
php-arena
4.3
2005-03-30 CVE-2005-0475 SQL-Injection vulnerability in PHP Arena Pafaq Beta4
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
network
low complexity
php-arena
6.4