Php Arena

Pafiledb

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2005-0781

Exploit
  • EPSS 0.32%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.

7.5

CVE-2005-0327

  • EPSS 0.64%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.

5

CVE-2005-0326

  • EPSS 0.35%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.

5

CVE-2005-0780

  • EPSS 3.62%
  • Veröffentlicht 12.03.2005 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, ...

4.3

CVE-2005-0723

  • EPSS 0.3%
  • Veröffentlicht 08.03.2005 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl vari...

5

CVE-2004-1219

  • EPSS 0.59%
  • Veröffentlicht 10.01.2005 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions director...

4.3

CVE-2004-1551

  • EPSS 0.55%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.

4.3

CVE-2004-1975

  • EPSS 0.58%
  • Veröffentlicht 27.04.2004 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.

5

CVE-2004-1974

  • EPSS 0.35%
  • Veröffentlicht 27.04.2004 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php,...

4.3

CVE-2002-1929

Exploit
  • EPSS 0.91%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.