Multiple SQL injection vulnerabilities in paFileDB 3.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php arena pafiledb 2.1.1 |
||
php arena pafiledb 3.0 |
||
php arena pafiledb 3.0_beta_3.1 |
||
php arena pafiledb 3.1 |
||
php arena pafiledb 1.1.3 |