Pafaq Security Vulnerabilities and Issues — Pafaq CVE List

Lucene search

Php ArenaPafaq

5 matches found

CVE•added 2005/03/30 5:0 a.m.•40 views

CVE-2005-0475

SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id,...

6.4CVSS8.4AI score0.0033EPSS

CVE•added 2005/06/20 4:0 a.m.•40 views

CVE-2005-2012

Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.

7.5CVSS8.8AI score0.00758EPSS

CVE•added 2005/06/20 4:0 a.m.•40 views

CVE-2005-2013

paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.

5CVSS6.2AI score0.00409EPSS

CVE•added 2005/06/20 4:0 a.m.•33 views

CVE-2005-2014

The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.

4.6CVSS7.3AI score0.00206EPSS

CVE•added 2005/06/20 4:0 a.m.•32 views

CVE-2005-2011

Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.

4.3CVSS5.9AI score0.00446EPSS