CVE-2005-2000

paFileDB <= 3.1 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2000. PoCs published by Alpha_Programmer.

AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in PHP Arena paFileDB 1.1.3 and older. It crafts a malicious HTTP request to update the admin password, allowing unauthorized access.

Description

Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alpha_Programmer · perl · webapps · php
https://www.exploit-db.com/exploits/1050

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHP Arena paFileDB 1.1.3 and older
No auth needed
Prerequisites: Target must be running vulnerable version of paFileDB · Target must have the vulnerable endpoint exposed
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Patch x_refsource_confirm
http://www.phparena.net/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111885787217807&w=2
Patch x_refsource_confirm
http://www.phparena.net/pafiledb_patch/

Scores

EPSS 0.0244
EPSS Percentile 82.2%

Details

Status published
Products (5)
php_arena/pafiledb 1.1.3
php_arena/pafiledb 2.1.1
php_arena/pafiledb 3.0
php_arena/pafiledb 3.0_beta_3.1
php_arena/pafiledb 3.1
Published Jun 15, 2005
Tracked Since Feb 18, 2026