Shodan
Vulnerabilities
Vulnerable Software
Php Arena:  Security Vulnerabilities
CVE-2005-2014
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-06-20
CVE-2005-1999
Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).
CVSS Score
4.3
EPSS Score
0.004
Published
2005-06-15
CVE-2005-2000
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-06-15
CVE-2005-2001
Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-06-15
CVE-2005-0326
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-05-02
CVE-2005-0327
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-05-02
CVE-2005-0646
SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-02
CVE-2005-0647
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
CVSS Score
5.0
EPSS Score
0.032
Published
2005-05-02
CVE-2005-0724
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-05-02
CVE-2005-0781
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2005-05-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved