| VID |
21515 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The paFileDB program is vulnerable to an SQL injection vulnerability in the pafiledb.php script. paFileDB is a Web-based file download management program developed by PHP Arena that uses a MySQL database. paFileDB versions 3.0 Beta and Final and 3.1 Beta and Final allow a remote attacker to execute arbitrary SQL commands, due to the application failing to properly sanitize user-supplied input to the 'id' or 'ratin' parameter before using it in SQL queries in the pafiledb.php script. This vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://www.securiteam.com/unixfocus/5NP0F0UF5E.html
http://www.securityfocus.com/archive/1/316053
http://www.securityfocus.com/archive/1/323211
* Platforms Affected:
PHP Arena, paFileDB 3.0 Beta and Final
PHP Arena, paFileDB 3.1 Beta and Final
Linux Any version
Microsoft Windows Any version
Unix Any version |
| Recommendation |
No upgrade or patch available as of March 2005.
Upgrade to the new version of paFileDB (3.2 or later), when new version fixed this problem becomes available from the PHP Arena Web site at http://www.phparena.net/ |
| Related URL |
(CVE) |
| Related URL |
7183 (SecurityFocus) |
| Related URL |
11613 (ISS) |
|
