Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2005-0475
Last Modified 05 Sep 2008 04:46:24
Published 30 Mar 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0475

Summary

SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.

Vulnerable Systems

Application

  • Php Arena Pafaq Beta4


References

BUGTRAQ - 20050217 [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection

XF - pafaq-sql-injection(19371)


Last Updated: 27 May 2016 10:39:49