Vulnerabilities > PHP Surveyor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-27 | CVE-2005-2399 | SQL Injection vulnerability in PHP Surveyor PHP Surveyor 0.98 PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. | 7.5 |
| 2005-07-27 | CVE-2005-2398 | SQL Injection vulnerability in PHP Surveyor PHP Surveyor 0.98 Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php. | 7.5 |
| 2005-07-26 | CVE-2005-2381 | Information Disclosure vulnerability in PHP Surveyor PHP Surveyor 0.98 PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message. | 5.0 |
| 2005-07-26 | CVE-2005-2380 | Cross-Site Scripting vulnerability in PHP Surveyor PHP Surveyor 0.98 Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php. | 5.0 |