Vulnerability Description
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Arena | Pafaq | beta4 |
References
- http://marc.info/?l=bugtraq&m=110868808723487&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19371
- http://marc.info/?l=bugtraq&m=110868808723487&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19371
FAQ
What is CVE-2005-0475?
CVE-2005-0475 is a vulnerability with a CVSS score of 6.4 (MEDIUM). SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to que...
How severe is CVE-2005-0475?
CVE-2005-0475 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0475?
Check the references section above for vendor advisories and patch information. Affected products include: Php Arena Pafaq.