Lucene search
HistoryJun 15, 2005 - 4:00 a.m.
CVE-2005-2000
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
Low
EPSS
0.002
Percentile
55.8%
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
Affected configurations
Node
php_arenapafiledbMatch1.1.3
ORphp_arenapafiledbMatch2.1.1
ORphp_arenapafiledbMatch3.0
ORphp_arenapafiledbMatch3.0_beta_3.1
ORphp_arenapafiledbMatch3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| php_arena | pafiledb | 1.1.3 | cpe:2.3:a:php_arena:pafiledb:1.1.3:*:*:*:*:*:*:* |
| php_arena | pafiledb | 2.1.1 | cpe:2.3:a:php_arena:pafiledb:2.1.1:*:*:*:*:*:*:* |
| php_arena | pafiledb | 3.0 | cpe:2.3:a:php_arena:pafiledb:3.0:*:*:*:*:*:*:* |
| php_arena | pafiledb | 3.0_beta_3.1 | cpe:2.3:a:php_arena:pafiledb:3.0_beta_3.1:*:*:*:*:*:*:* |
| php_arena | pafiledb | 3.1 | cpe:2.3:a:php_arena:pafiledb:3.1:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password
2005-06-15 00:00:00
cve
cve
CVE-2005-2000
2005-06-20 04:00:00
CVE-2007-3808
2007-07-17 00:30:00
cvelist
cvelist
CVE-2005-2000
2005-06-20 04:00:00
CVE-2007-3808
2007-07-17 00:00:00
prion
prion
Sql injection
2007-07-17 00:30:00
nvd
nvd
CVE-2007-3808
2007-07-17 00:30:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
Low
EPSS
0.002
Percentile
55.8%
Related for NVD:CVE-2005-2000