PAFileDB 1.1.3/2.1.1/3.0/3.1 viewall.php start Parameter SQL Injection

2005-03-12T00:00:00
ID EDB-ID:25213
Type exploitdb
Reporter sp3x@securityreason.com
Modified 2005-03-12T00:00:00

Description

PAFileDB 1.1.3/2.1.1/3.0/3.1 viewall.php start Parameter SQL Injection. CVE-2005-0781. Webapps exploit for php platform

source: http://www.securityfocus.com/bid/12788/info

Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts.

Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database. 

http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start='&sortby=rating
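The request above is the whole signal a defender has: a paging offset (`start`) that is not a number. The following is an added example, not part of the Exploit-DB entry or of paFileDB itself, that scans constructed Combined Log Format lines for `pafiledb.php?action=viewall` requests whose `start` value is not a non-negative integer (the URL-encoded `%27` form is decoded before the check), and shows the server-side normalisation a fixed handler should apply before the value reaches a `LIMIT` clause. The log lines, IP addresses and the `/pafiledb/` install path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format); not real traffic.
# Lines 2 and 3 carry the BID 12788 pattern: start=' and its encoded form start=%27.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2005:10:01:02 +0000] "GET /pafiledb/pafiledb.php?action=viewall&start=0&sortby=rating HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2005:10:02:15 +0000] "GET /pafiledb/pafiledb.php?action=viewall&start='&sortby=rating HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2005:10:02:40 +0000] "GET /pafiledb/pafiledb.php?action=viewall&start=%27&sortby=rating HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.2 - - [12/Mar/2005:10:03:01 +0000] "GET /pafiledb/pafiledb.php?action=category&id=3 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""

# Request line inside the quoted part of a Combined Log Format record.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
CLIENT_RE = re.compile(r"^(?P<ip>\S+) ")


def parse_log_line(line):
    """Return (client_ip, request_target) or None if the line has no request."""
    req = REQUEST_RE.search(line)
    client = CLIENT_RE.match(line)
    if not req or not client:
        return None
    return client.group("ip"), req.group("target")


def start_param_is_valid(value):
    """A paging offset is legitimate only as a non-negative decimal integer.

    Anything else (quotes, spaces, SQL keywords, an empty string) is rejected.
    """
    return value.isdigit()


def sanitize_start(value, default=0):
    """What the fixed handler should do: coerce start to int or fall back.

    Assumed hardening, not paFileDB's own code: an integer can never break
    out of a LIMIT clause, so the query no longer depends on the raw string.
    """
    return int(value) if start_param_is_valid(value) else default


def find_viewall_injections(log_text):
    """Return (client_ip, raw_start_value) for every viewall request whose
    start parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        ip, target = parsed
        url = urlsplit(target)
        # Only the paFileDB front controller matters here (assumed install path).
        if not url.path.endswith("/pafiledb.php"):
            continue
        # parse_qs percent-decodes, so start=%27 and start=' compare equal.
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("action", [""])[0] != "viewall":
            continue
        for start in params.get("start", []):
            if not start_param_is_valid(start):
                hits.append((ip, start))
    return hits


if __name__ == "__main__":
    for ip, start in find_viewall_injections(SAMPLE_LOG):
        print(f"suspicious viewall request from {ip}: start={start!r}")
```

Running the block reports the two requests from 203.0.113.9 and ignores the legitimate `start=0` request and the `category` request; `sanitize_start("'")` returns the default offset, which is the behaviour a patched `viewall.php` needs regardless of which quoting trick the client uses.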