ID CVE-2005-0475
Summary SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
References
Vulnerable Configurations
  • cpe:2.3:a:php_arena:pafaq:beta4:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bugtraq 20050217 [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection
xf pafaq-sql-injection(19371)
Last major update 11-07-2017 - 01:32
Published 30-03-2005 - 05:00
Last modified 11-07-2017 - 01:32