cbcvebase.

Php Arena Pafaq vulnerabilities

5 known vulnerabilities affecting php_arena/pafaq.

Total CVEs
5
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2005-2012P3HIGHCVSS 7.5PoCv1.0_beta_42005-06-20
CVE-2005-2012 [HIGH] CVE-2005-2012: Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execut Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
nvd
CVE-2005-0475P4MEDIUMCVSS 6.4PoCvbeta42005-03-30
CVE-2005-0475 [MEDIUM] CVE-2005-0475: SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
nvd
CVE-2005-2011P4MEDIUMCVSS 4.3PoCv1.0_beta_42005-06-20
CVE-2005-2011 [MEDIUM] CVE-2005-2011: Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to in Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
nvd
CVE-2005-2014P4MEDIUMCVSS 4.6v1.0_beta_42005-06-20
CVE-2005-2014 [MEDIUM] CVE-2005-2014: The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
nvd
CVE-2005-2013P4MEDIUMCVSS 5.0v1.0_beta_42005-06-20
CVE-2005-2013 [MEDIUM] CVE-2005-2013: paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to adm paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.
nvd
Php Arena Pafaq vulnerabilities | cvebase