CVE-2005-2000

PHP Arena Pafiledb - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alpha_Programmer · perlwebappsphp

https://www.exploit-db.com/exploits/1050

View Code ZIP pw:eip

References (4)

[Patch] http://www.phparena.net/

[Mailing List] http://marc.info/?l=bugtraq&m=111885787217807&w=2

[Patch] http://www.phparena.net/pafiledb_patch/

[Exploit, Patch] http://www.gulftech.org/?node=research&article_id=00082-06142005

Scores

EPSS 0.0064

EPSS Percentile 70.7%

Details

Status published

Products (5)

php_arena/pafiledb 1.1.3

php_arena/pafiledb 2.1.1

php_arena/pafiledb 3.0

php_arena/pafiledb 3.0_beta_3.1

php_arena/pafiledb 3.1

Published Jun 15, 2005

Tracked Since Feb 18, 2026