SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-04-27 13:34
Updated : 2024-02-04 16:52
NVD link : CVE-2006-2065
Mitre link : CVE-2006-2065
CVE.ORG link : CVE-2006-2065
JSON object : View
Products Affected
phpsurveyor
- phpsurveyor
CWE