VID | 21693
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
paFileDB contains an SQL injection vulnerability in the /includes/admin/auth.php script. paFileDB is a Web-based file download management program developed by PHP Arena that uses a MySQL database. paFileDB version 3.1 and possibly other versions could allow a remote attacker to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie. If the magic_quotes_gpc option is disabled and $authmethod="cookies" is used, a remote attacker could send a specially crafted cookie to the /includes/admin/auth.php script and pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, data modification, or attacks against the database itself.
* References:
  * http://www.security-project.org/projects/board/showthread.php?t=947
  * http://secunia.com/advisories/16566/
  * http://marc.theaimsgroup.com/?l=bugtraq&m=112490781927680&w=2
* Platforms Affected:
  * PHP Arena, paFileDB version 3.1 and possibly other versions
  * Any operating system, any version |
Recommendation |
No upgrade or patch available as of June 2014.
As a workaround, edit $authmethod in pafiledb.php to disable cookie-based authentication. |
Related URL | CVE-2005-2723 (CVE)
Related URL | 14654 (SecurityFocus)
Related URL | 21988 (ISS)