7 lines
No EOL
509 B
Text
7 lines
No EOL
509 B
Text
source: http://www.securityfocus.com/bid/12788/info
|
|
|
|
Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts.
|
|
|
|
Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
|
|
|
|
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http://www.securityreason.com></iframe>&sortby=date |