CVE-2002-1929
PHP Arena paFileDB 1.1.3-3.0 - Cross-Site Scripting via Query String in Rate, Email, or Download Actions
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1929. PoCs published by ersatz.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHP Arena paFileDB's 'Email to Friend' function. The PoC provides malicious URLs that inject arbitrary JavaScript code via the 'id' parameter in multiple actions (email, rate, download).
Description
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHP Arena paFileDB's 'Email to Friend' function. The PoC provides malicious URLs that inject arbitrary JavaScript code via the 'id' parameter in multiple actions (email, rate, download).