CVE-2005-2000 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2005-2000

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.

Affected Software

Name	Vendor	Start Version	End Version
Pafiledb	Php_arena	1.1.3 (including)	1.1.3 (including)
Pafiledb	Php_arena	2.1.1 (including)	2.1.1 (including)
Pafiledb	Php_arena	3.0 (including)	3.0 (including)
Pafiledb	Php_arena	3.0_beta_3.1 (including)	3.0_beta_3.1 (including)
Pafiledb	Php_arena	3.1 (including)	3.1 (including)

References

http://marc.info/?l=bugtraq\u0026m=111885787217807\u0026w=2
http://www.gulftech.org/?node=research\u0026article_id=00082-06142005
http://www.phparena.net/
http://www.phparena.net/pafiledb_patch/