CVE-2005-2398

{"id": "CVE-2005-2398", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-07-27T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112188282401681&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16123", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014538", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18098", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18099", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18100", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18101", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18102", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18103", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18104", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18105", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18106", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18107", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18108", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14331", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21444", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en PHP Surveyor 0.98 permite que atacantes remotos ejecuten comandos SQL mediante: (1) par\u00e1metros sid, start, e id en browse.php, par\u00e1metro sid en (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, y (9) statistics.php, y par\u00e1metro lid en (10) labels.php y (11) dumplabel.php."}], "lastModified": "2017-07-11T01:32:49.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php_surveyor:php_surveyor:0.98:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E91066-133F-4946-B355-A951753A3D3F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}