CVE-2005-2398

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

Published: Jul 27, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2398
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_surveyor / php_surveyor	0.98	0.98.x

http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444

Vulnerability Database

291,049

CVE-2005-2398