CVE-2005-0475: SQL Injection
First published: Sat Feb 19 2005(Updated: )
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php Arena Pafaq | =beta4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-0475?
CVE-2005-0475 is classified as a medium severity SQL injection vulnerability.
How do I fix CVE-2005-0475?
To fix CVE-2005-0475, sanitize user input and implement prepared statements to prevent SQL injection.
Which versions are affected by CVE-2005-0475?
CVE-2005-0475 affects paFAQ Beta4 and possibly other versions.
What type of attack is possible with CVE-2005-0475?
CVE-2005-0475 allows remote attackers to execute arbitrary SQL code.
What parameters are vulnerable in CVE-2005-0475?
CVE-2005-0475 is vulnerable via the offset, limit, order, orderby, and search_item parameters.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/php arena
- canonical/php arena pafaq
- version/php arena pafaq/beta4