CVE-2005-0327

Properties

Published:
01.05.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
PHP Arena: paFileDB

Vulnerability description

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110720365923818&w=2
XF: http://xforce.iss.net/xforce/xfdb/19176
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110720365923818&w=2