CVE-2005-2398 - SQL Injection vulnerability in PHP Surveyor 0.98
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allow remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | PHP_SURVEYOR_XSS_SQL.NASL |
description | The remote host is running PHP Surveyor, a set of PHP scripts used to develop, publish and collect responses from surveys. The remote version of this software contains multiple vulnerabilities that can lead to SQL injection, path disclosure and cross-site scripting. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19494 |
published | 2005-08-24 |
reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
source | https://www.tenable.com/plugins/nessus/19494 |
title | PHP Surveyor Multiple Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=112188282401681&w=2
- http://secunia.com/advisories/16123
- http://securitytracker.com/id?1014538
- http://www.osvdb.org/18098
- http://www.osvdb.org/18099
- http://www.osvdb.org/18100
- http://www.osvdb.org/18101
- http://www.osvdb.org/18102
- http://www.osvdb.org/18103
- http://www.osvdb.org/18104
- http://www.osvdb.org/18105
- http://www.osvdb.org/18106
- http://www.osvdb.org/18107
- http://www.osvdb.org/18108
- http://www.securityfocus.com/bid/14331
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21444