SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pafiledb | Php_arena | 1.1.3 | 1.1.3 |
Pafiledb | Php_arena | 2.1.1 | 2.1.1 |
Pafiledb | Php_arena | 3.0 | 3.0 |
Pafiledb | Php_arena | 3.0_beta_3.1 | 3.0_beta_3.1 |
Pafiledb | Php_arena | 3.1 | 3.1 |