Vulnerabilities > CVE-2005-2381 - Information Disclosure vulnerability in PHP Surveyor PHP Surveyor 0.98
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | PHP_SURVEYOR_XSS_SQL.NASL |
description | The remote host is running PHP Surveyor, a set of PHP scripts used to develop, publish and collect responses from surveys. The remote version of this software contains multiple vulnerabilities that can lead to SQL injection, path disclosure and cross-site scripting. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19494 |
published | 2005-08-24 |
reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
source | https://www.tenable.com/plugins/nessus/19494 |
title | PHP Surveyor Multiple Vulnerabilities |
code |
|