CVE-2005-2398

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2398
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123 Vendor Advisory
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444
http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123 Vendor Advisory
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444
Configurations

Configuration 1 (hide)

cpe:2.3:a:php_surveyor:php_surveyor:0.98:*:*:*:*:*:*:*
History

20 Nov 2024, 23:59

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=112188282401681&w=2 - () http://marc.info/?l=bugtraq&m=112188282401681&w=2 -
References () http://secunia.com/advisories/16123 - Vendor Advisory () http://secunia.com/advisories/16123 - Vendor Advisory
References () http://securitytracker.com/id?1014538 - () http://securitytracker.com/id?1014538 -
References () http://www.osvdb.org/18098 - () http://www.osvdb.org/18098 -
References () http://www.osvdb.org/18099 - () http://www.osvdb.org/18099 -
References () http://www.osvdb.org/18100 - () http://www.osvdb.org/18100 -
References () http://www.osvdb.org/18101 - () http://www.osvdb.org/18101 -
References () http://www.osvdb.org/18102 - () http://www.osvdb.org/18102 -
References () http://www.osvdb.org/18103 - () http://www.osvdb.org/18103 -
References () http://www.osvdb.org/18104 - () http://www.osvdb.org/18104 -
References () http://www.osvdb.org/18105 - () http://www.osvdb.org/18105 -
References () http://www.osvdb.org/18106 - () http://www.osvdb.org/18106 -
References () http://www.osvdb.org/18107 - () http://www.osvdb.org/18107 -
References () http://www.osvdb.org/18108 - () http://www.osvdb.org/18108 -
References () http://www.securityfocus.com/bid/14331 - () http://www.securityfocus.com/bid/14331 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/21444 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/21444 -
Information

Published : 2005-07-27 04:00

Updated : 2024-11-20 23:59

NVD link : CVE-2005-2398

Mitre link : CVE-2005-2398

CVE.ORG link : CVE-2005-2398

JSON object : View

Products Affected

php_surveyor

  • php_surveyor
CWE
NVD-CWE-Other