|
Description
|
|
Multiple vulnerabilities were identified in paFaq, which may be exploited by remote attackers to execute arbitrary commands or conduct cross site scripting and sql injection attacks.
- The first issue is due to an input validation error in the "index.php" script that does not properly filter the "id" parameter, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
- The second vulnerability resides in the "index.php" script that does not properly filter the "username" and "id" variables, which could be exploited by remote attackers to execute arbitrary SQL commands.
- The third flaw resides in the "backup.php" file that does not properly validate security permissions, which could be exploited by remote attackers to download the paFaq database.
|
