Description
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
https://www.exploit-db.com/exploits/25215
exploitdb
WORKING POC
VERIFIED
https://www.exploit-db.com/exploits/25216
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://digitalparadox.org/advisories/pafdb.txt
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111065796525043&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19690
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12788
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111221940107161&w=2
Scores
EPSS
0.0426
EPSS Percentile
88.9%
Details
Status
published
Products (5)
php_arena/pafiledb
1.1.3
php_arena/pafiledb
2.1.1
php_arena/pafiledb
3.0
php_arena/pafiledb
3.0_beta_3.1
php_arena/pafiledb
3.1
Published
May 02, 2005
Tracked Since
Feb 18, 2026