CVE-2005-2723

Name of the Vulnerable Software and Affected Versions PaFileDB version 3.1

Description A SQL injection issue exists in the auth.php file of PaFileDB when the authmethod is set to cookies. This allows remote attackers to execute arbitrary SQL commands by manipulating the username value in the pafiledbcookie cookie.

Recommendations For PaFileDB version 3.1, update the auth.php file to properly sanitize the username value in the pafiledbcookie cookie to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the auth.php file or disabling the use of cookies as an authmethod until a patch is available.