| |
Vulnerability CVE-2005-2000
Published: 2005-06-15 Modified: 2012-02-12
| Description: |
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. |
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.5/10 |
6.4/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.phparena.net/pafiledb_patch/
http://www.phparena.net/
http://www.gulftech.org/?node=research&article_id=00082-06142005
http://marc.theaimsgroup.com/?l=bugtraq&m=111885787217807&w=2
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
