CVE-2006-2065

{"id": "CVE-2006-2065", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-04-27T13:34:00.000", "references": [{"url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19761", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015970", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24787", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17633", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1451", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en save.php en PHPSurveyor 0.995 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de la cookie surveyid. NOTA: este caso podr\u00eda ser aprovechado para ejecutar c\u00f3digo PHP arbitrario, como se demuestra mediante la inserci\u00f3n secuencias de salto de directorio dentro de la base de dato, que luego son procesado por la variable thissurvey['language']."}], "lastModified": "2018-10-18T16:37:55.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F82FE01-FC91-4259-A53D-4D03FCB0DCCA"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "086A5B9A-B3A2-42FC-B76C-D61225217762"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DAD67BC-BA23-4692-B333-D5F412DB7B88"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9467C7F-8283-4717-AA0F-AB1E745C5CA4"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BA0CC28-1114-4CFC-B445-2FDF5D972AD3"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CCB1FA7-3DA0-42C1-B426-B07A15C86F0A"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDAC784E-B1D7-486E-940C-09BC34855BBF"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6D7CDFC-5911-431E-ABD9-E864A71F8146"}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A0EF001-46CB-4D68-B451-5206E8F6DD3C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}