Every CVE whose affected-product data names Php Arena Pafiledb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2005-0327 — CVSS 7.5 (high): pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an…
CVE-2005-2723 — CVSS 7.5 (high): SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary…
CVE-2007-3808 — CVSS 7.5 (high): SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2005-2000 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the…
CVE-2005-0781 — CVSS 7.5 (high): SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute…
CVE-2005-4329 — CVSS 7.5 (high): SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute…
CVE-2006-2361 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB…
CVE-2005-0780 — CVSS 5.0 (medium): paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3)…
CVE-2004-1219 — CVSS 5.0 (medium): paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's…
CVE-2004-1974 — CVSS 5.0 (medium): paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php…
CVE-2005-0326 — CVSS 5.0 (medium): pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which…
CVE-2005-0724 — CVSS 5.0 (medium): paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a…
CVE-2005-0952 — CVSS 5.0 (medium): Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-2001 — CVSS 5.0 (medium): Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a…
CVE-2005-1999 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script…
CVE-2002-1929 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject…
CVE-2002-1931 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or…
CVE-2005-0723 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to…
CVE-2004-1975 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject…
CVE-2005-0782 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to…
CVE-2004-1551 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute…