5 matches found
CVE-2005-2013
The CVE-2005-2013 entry concerns paFAQ 1.0 Beta 4, a PHP/MySQL web application. The described vulnerability allows remote attackers to access admin/backup.php directly, which contains a backup of the database including usernames and passwords. This exposure could reveal administrator credentials ...
CVE-2005-0475
CVE-2005-0475 affects paFAQ Beta4 (PHP/MySQL). It is a SQL injection vulnerability allowing remote attackers to inject arbitrary SQL via parameters in question.php (offset, limit, order, orderby), answer.php (offset), search.php (search_item), and comment.php (cat_id, cid, id). The NVD entry docu...
CVE-2005-2012
paFAQ 1.0 Beta 4 is affected by multiple SQL injection vulnerabilities in the login flow, allowing remote attackers to bypass authentication by manipulating the (1) username or (2) id parameters. The Nessus plugin and CVE records corroborate that the remote PHP/MySQL application is vulnerable to ...
CVE-2005-2014
The vulnerability CVE-2005-2014 affects the web-based FAQ system paFAQ 1.0 Beta 4. The issue lies in the "upload a language pack" feature, which allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. The CVE entry notes a MEDIUM sever...
CVE-2005-2011
paFAQ 1.0 Beta 4 contains multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML, demonstrated via the id parameter in a Question action. The CVE-2005-2011 entry is corroborated by multiple sources in the provided documents (NVD/CVE record, CVE list, and N...