phpSurveyor dumpquestion.php qid Variable Path Disclosure

2005-07-19T09:56:04
ID OSVDB:18091
Type osvdb
Reporter tgo(thegreatone2176@yahoo.com)
Modified 2005-07-19T09:56:04

Description

Vulnerability Description

phpSurveyor contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker provides malformed input to the 'qid' variable of the dumpquestion.php script, which will disclose the installation path resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

phpSurveyor contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker provides malformed input to the 'qid' variable of the dumpquestion.php script, which will disclose the installation path resulting in a loss of confidentiality.

References:

Vendor URL: http://phpsurveyor.org/ Security Tracker: 1014538 Secunia Advisory ID:16123 Related OSVDB ID: 18088 Related OSVDB ID: 18090 Related OSVDB ID: 18093 Related OSVDB ID: 18087 Related OSVDB ID: 18086 Related OSVDB ID: 18089 Related OSVDB ID: 18092 Related OSVDB ID: 18098 Related OSVDB ID: 18094 Related OSVDB ID: 18095 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html CVE-2005-2381