Description
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/25856
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111928841328681&w=2
Exploit x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00083-06202005
Scores
EPSS
0.0100
EPSS Percentile
77.1%
Details
Status
published
Products (1)
php_arena/pafaq
1.0_beta_4
Published
Jun 20, 2005
Tracked Since
Feb 18, 2026