CVE-2005-2381

PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.

Published: Jul 26, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2381
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_surveyor / php_surveyor	0.98	0.98.x

http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123

Vulnerability Database

291,049

CVE-2005-2381