Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
php arena pafiledb 3.1