Description
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
Exploits (2)
exploitdb (WRITEUP, VERIFIED): https://www.exploit-db.com/exploits/25213
exploitdb (WRITEUP, VERIFIED): https://www.exploit-db.com/exploits/25214
References (3)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/19688
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=111065796525043&w=2
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/12788
Scores
EPSS: 0.0032
EPSS Percentile: 55.2%
Details
Status: published
Products (5)
php_arena/pafiledb 1.1.3
php_arena/pafiledb 2.1.1
php_arena/pafiledb 3.0
php_arena/pafiledb 3.0_beta_3.1
php_arena/pafiledb 3.1
Published: May 02, 2005
Tracked Since: Feb 18, 2026