CVE-2005-2000

Properties

Published:
14.06.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
PHP Arena: paFileDB

Vulnerability description

Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111885787217807&w=2
MISC: http://www.gulftech.org/?node=research&article_id=00082-06142005
CONFIRM: http://www.phparena.net/
CONFIRM: http://www.phparena.net/pafiledb_patch/