Vendor: paFileDB
By: SecurityFocus
CVSS: 8.3 (HIGH)
SQL injection and cross-site scripting
CWE: 89, 79
Product Name: paFileDB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
Multiple SQL injection and cross-site scripting vulnerabilities in paFileDB
Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
Mitigation:
Ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.