CVE-2005-2000

Name of the Vulnerable Software and Affected Versions paFileDB versions 3.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the formname parameter in the login form, the formname parameter in the team login form, or to auth.php. Additionally, the select, id, or query parameter to pafiledb.php, or the string parameter to search.php can be exploited.

Recommendations For paFileDB versions 3.1 and earlier, update to a version later than 3.1 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters, such as formname, select, id, query, and string, until a patch is available. Avoid using the vulnerable parameters in the affected API endpoints, such as the login form, team login form, auth.php, pafiledb.php, and search.php, until the issue is resolved.