Vulnerability CVE-2005-2398


Published: 2005-07-27   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allow remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Php surveyor -> Php surveyor 

References:
http://secunia.com/advisories/16123
http://marc.theaimsgroup.com/?l=bugtraq&m=112188282401681&w=2
http://xforce.iss.net/xforce/xfdb/21444
http://www.securityfocus.com/bid/14331
http://www.osvdb.org/18108
http://www.osvdb.org/18107
http://www.osvdb.org/18106
http://www.osvdb.org/18105
http://www.osvdb.org/18104
http://www.osvdb.org/18103
http://www.osvdb.org/18102
http://www.osvdb.org/18101
http://www.osvdb.org/18100
http://www.osvdb.org/18099
http://www.osvdb.org/18098
http://securitytracker.com/id?1014538

Copyright 2024, cxsecurity.com
