Filtered by vendor Php Surveyor
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2398 | 1 Php Surveyor | 1 Php Surveyor | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php. | |||||
| CVE-2005-2380 | 1 Php Surveyor | 1 Php Surveyor | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php. | |||||
| CVE-2005-2399 | 1 Php Surveyor | 1 Php Surveyor | 2024-02-04 | 7.5 HIGH | N/A |
| PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. | |||||
| CVE-2005-2381 | 1 Php Surveyor | 1 Php Surveyor | 2024-02-04 | 5.0 MEDIUM | N/A |
| PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message. | |||||