VYPR
Vendor

PaFAQ

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2005-2011Jun 20, 2005
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.

  • CVE-2005-2012Jun 20, 2005
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.

  • CVE-2005-0475Mar 30, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to…

  • CVE-2005-2013Jun 20, 2005
    risk 0.00cvss epss 0.01

    paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.