本ページは php_arena pafaq に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2005-2014 | The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | [email protected] | 4.6 | 0.17% | 2005-06-20 | 2026-04-16 |
| CVE-2005-2013 | paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | [email protected] | 5.0 | 0.41% | 2005-06-20 | 2026-04-16 |
| CVE-2005-2012 | Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | [email protected] | 7.5 | 0.83% | 2005-06-20 | 2026-04-16 |
| CVE-2005-2011 | Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. | [email protected] | 4.3 | 0.45% | 2005-06-20 | 2026-04-16 |
| CVE-2005-0475 | SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php. | [email protected] | 6.4 | 0.33% | 2005-03-30 | 2026-04-16 |