Pafaq

pafaq

Vendor: Php Arena • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-2014 1Php Arena 1Pafaq Apr 16, 2026 Jun 20, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
CVE-2005-2013 1Php Arena 1Pafaq Apr 16, 2026 Jun 20, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.
CVE-2005-2012 1Php Arena 1Pafaq Apr 16, 2026 Jun 20, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
CVE-2005-2011 1Php Arena 1Pafaq Apr 16, 2026 Jun 20, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
CVE-2005-0475 1Php Arena 1Pafaq Apr 16, 2026 Mar 30, 2005 N/A· v4 N/A· v3 6.4 MEDIUM· v2 SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offse...Show more SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.Show less