CVE-2005-2012

Name of the Vulnerable Software and Affected Versions paFAQ version 1.0 Beta 4

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the username or id parameters in the login functionality.

Recommendations For paFAQ version 1.0 Beta 4, consider restricting access to the login functionality until a patch is available, and avoid using the username and id parameters in a way that could facilitate SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.