Search...

phpSurveyor dumplabel.php lid Variable SQL Injection

2005-07-19T09:56:04

ID OSVDB:18099
Type osvdb
Reporter tgo(thegreatone2176@yahoo.com)
Modified 2005-07-19T09:56:04

Description

Vulnerability Description

phpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumplabel.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

References:

Vendor URL: http://phpsurveyor.org/ Security Tracker: 1014538 Secunia Advisory ID:16123 Related OSVDB ID: 18108 Related OSVDB ID: 18101 Related OSVDB ID: 18102 Related OSVDB ID: 18086 Related OSVDB ID: 18098 Related OSVDB ID: 18100 Related OSVDB ID: 18103 Related OSVDB ID: 18105 Related OSVDB ID: 18107 Related OSVDB ID: 18095 Related OSVDB ID: 18104 Related OSVDB ID: 18106 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html CVE-2005-2398

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18099", "hashmap": [{"key": "affectedSoftware", "hash": "ac4d599478a2bb17d8518f533bdfff8d"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "99b438dca241688ce36c6fe0d6836f1e"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "7eb316a1b9ebe686b0010975488be501"}, {"key": "href", "hash": "2d3af72159abf70034141c3206b300e6"}, {"key": "modified", "hash": "dfd0ac06e049d1fa891ec8142fee72db"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "dfd0ac06e049d1fa891ec8142fee72db"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "bd60df1501fc8fbe1070d3f73ce5625d"}, {"key": "title", "hash": "6a18f4d85076c6effe926badc846c6e2"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "tgo(thegreatone2176@yahoo.com)", "title": "phpSurveyor dumplabel.php lid Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "0.98", "name": "phpSurveyor"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2398"]}, {"type": "osvdb", "idList": ["OSVDB:18103", "OSVDB:18108", "OSVDB:18106", "OSVDB:18098", "OSVDB:18101", "OSVDB:18107", "OSVDB:18105", "OSVDB:18100", "OSVDB:18102", "OSVDB:18104"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231019494"]}, {"type": "nessus", "idList": ["PHP_SURVEYOR_XSS_SQL.NASL"]}], "modified": "2017-04-28T13:20:14"}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:18099", "hash": "c4b663d1d1773074156e2a6b6792c55d33834ac356c894cb3bef8eb66fe6460c", "lastseen": "2017-04-28T13:20:14", "cvelist": ["CVE-2005-2398"], "modified": "2005-07-19T09:56:04", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumplabel.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumplabel.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n"}

{"cve": [{"lastseen": "2017-07-11T11:14:56", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.", "modified": "2017-07-10T21:32:49", "published": "2005-07-27T00:00:00", "id": "CVE-2005-2398", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2398", "title": "CVE-2005-2398", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the statistics.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the statistics.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18108", "id": "OSVDB:18108", "type": "osvdb", "title": "phpSurveyor statistics.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18103", "id": "OSVDB:18103", "type": "osvdb", "title": "phpSurveyor admin.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the labels.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the labels.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18098", "id": "OSVDB:18098", "type": "osvdb", "title": "phpSurveyor labels.php lid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the deletesurvey.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the deletesurvey.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18106", "id": "OSVDB:18106", "type": "osvdb", "title": "phpSurveyor deletesurvey.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dataentry.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dataentry.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18101", "id": "OSVDB:18101", "type": "osvdb", "title": "phpSurveyor dataentry.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumpsurvey.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dumpsurvey.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18107", "id": "OSVDB:18107", "type": "osvdb", "title": "phpSurveyor dumpsurvey.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the spss.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the spss.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2399](https://vulners.com/cve/CVE-2005-2399)\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\nBugtraq ID: 14331\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18105", "id": "OSVDB:18105", "type": "osvdb", "title": "phpSurveyor spss.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the browse.php script not properly sanitizing user-supplied input to the 'sid', 'start', and 'id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the browse.php script not properly sanitizing user-supplied input to the 'sid', 'start', and 'id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2399](https://vulners.com/cve/CVE-2005-2399)\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\nBugtraq ID: 14331\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18100", "id": "OSVDB:18100", "type": "osvdb", "title": "phpSurveyor browse.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the export.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the export.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18104](https://vulners.com/osvdb/OSVDB:18104)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2399](https://vulners.com/cve/CVE-2005-2399)\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\nBugtraq ID: 14331\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18102", "id": "OSVDB:18102", "type": "osvdb", "title": "phpSurveyor export.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the conditions.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the conditions.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://phpsurveyor.org/\nSecurity Tracker: 1014538\n[Secunia Advisory ID:16123](https://secuniaresearch.flexerasoftware.com/advisories/16123/)\n[Related OSVDB ID: 18108](https://vulners.com/osvdb/OSVDB:18108)\n[Related OSVDB ID: 18101](https://vulners.com/osvdb/OSVDB:18101)\n[Related OSVDB ID: 18102](https://vulners.com/osvdb/OSVDB:18102)\n[Related OSVDB ID: 18086](https://vulners.com/osvdb/OSVDB:18086)\n[Related OSVDB ID: 18098](https://vulners.com/osvdb/OSVDB:18098)\n[Related OSVDB ID: 18099](https://vulners.com/osvdb/OSVDB:18099)\n[Related OSVDB ID: 18100](https://vulners.com/osvdb/OSVDB:18100)\n[Related OSVDB ID: 18103](https://vulners.com/osvdb/OSVDB:18103)\n[Related OSVDB ID: 18105](https://vulners.com/osvdb/OSVDB:18105)\n[Related OSVDB ID: 18107](https://vulners.com/osvdb/OSVDB:18107)\n[Related OSVDB ID: 18095](https://vulners.com/osvdb/OSVDB:18095)\n[Related OSVDB ID: 18106](https://vulners.com/osvdb/OSVDB:18106)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0326.html\n[CVE-2005-2399](https://vulners.com/cve/CVE-2005-2399)\n[CVE-2005-2398](https://vulners.com/cve/CVE-2005-2398)\nBugtraq ID: 14331\n", "modified": "2005-07-19T09:56:04", "published": "2005-07-19T09:56:04", "href": "https://vulners.com/osvdb/OSVDB:18104", "id": "OSVDB:18104", "type": "osvdb", "title": "phpSurveyor conditions.php sid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:36:00", "bulletinFamily": "scanner", "description": "The remote host is running PHP Surveyor, a set of PHP scripts used to\n develop, publish and collect responses from surveys.\n\n The remote version of this software contains multiple vulnerabilities\n that can lead to SQL injection, path disclosure and cross-site scripting.", "modified": "2017-09-27T00:00:00", "published": "2006-03-26T00:00:00", "id": "OPENVAS:136141256231019494", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231019494", "title": "Multiple vulnerabilities in PHP Surveyor", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: php_surveyor_xss_sql.nasl 7287 2017-09-27 06:56:51Z cfischer $\n#\n# Multiple vulnerabilities in PHP Surveyor\n#\n# Authors:\n# Josh Zlatin-Amishav\n#\n# Copyright:\n# Copyright (C) 2005 Josh Zlatin-Amishav\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.19494\");\n script_version(\"$Revision: 7287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-27 08:56:51 +0200 (Wed, 27 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_cve_id(\"CVE-2005-2380\", \"CVE-2005-2381\", \"CVE-2005-2398\", \"CVE-2005-2399\");\n script_bugtraq_id(14329, 14331);\n script_xref(name:\"OSVDB\", value:\"18086\");\n script_xref(name:\"OSVDB\", value:\"18087\");\n script_xref(name:\"OSVDB\", value:\"18088\");\n script_xref(name:\"OSVDB\", value:\"18089\");\n script_xref(name:\"OSVDB\", value:\"18090\");\n script_xref(name:\"OSVDB\", value:\"18091\");\n script_xref(name:\"OSVDB\", value:\"18092\");\n script_xref(name:\"OSVDB\", value:\"18093\");\n script_xref(name:\"OSVDB\", value:\"18094\");\n script_xref(name:\"OSVDB\", value:\"18095\");\n script_xref(name:\"OSVDB\", value:\"18096\");\n script_xref(name:\"OSVDB\", value:\"18097\");\n script_xref(name:\"OSVDB\", value:\"18098\");\n script_xref(name:\"OSVDB\", value:\"18099\");\n script_xref(name:\"OSVDB\", value:\"18100\");\n script_xref(name:\"OSVDB\", value:\"18101\");\n script_xref(name:\"OSVDB\", value:\"18102\");\n script_xref(name:\"OSVDB\", value:\"18103\");\n script_xref(name:\"OSVDB\", value:\"18104\");\n script_xref(name:\"OSVDB\", value:\"18105\");\n script_xref(name:\"OSVDB\", value:\"18107\");\n script_xref(name:\"OSVDB\", value:\"18108\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Multiple vulnerabilities in PHP Surveyor\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2005 Josh Zlatin-Amishav\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"http://securityfocus.com/archive/1/405735\");\n\n tag_summary = \"The remote host is running PHP Surveyor, a set of PHP scripts used to\n develop, publish and collect responses from surveys.\n\n The remote version of this software contains multiple vulnerabilities\n that can lead to SQL injection, path disclosure and cross-site scripting.\";\n\n tag_solution = \"Unknown at this time.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\nif( ! can_host_php( port:port ) ) exit( 0 );\n\nforeach dir( make_list_unique( \"/\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string( dir, \"/admin/admin.php?sid='\" );\n\n if( http_vuln_check( port:port, url:url, pattern:\"<title>PHP Surveyor</title>\", extra_check:\"not a valid MySQL result\" ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:44", "bulletinFamily": "scanner", "description": "The remote host is running PHP Surveyor, a set of PHP scripts used to develop, publish and collect responses from surveys. \n\nThe remote version of this software contains multiple vulnerabilities that can lead to SQL injection, path disclosure and cross-site scripting.", "modified": "2018-11-15T00:00:00", "id": "PHP_SURVEYOR_XSS_SQL.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19494", "published": "2005-08-24T00:00:00", "title": "PHP Surveyor Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# Josh Zlatin-Amishav GPLv2 \n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(19494);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\n \"CVE-2005-2380\", \n \"CVE-2005-2381\", \n \"CVE-2005-2398\", \n \"CVE-2005-2399\"\n );\n script_bugtraq_id(14329, 14331);\n\n script_name(english:\"PHP Surveyor Multiple Vulnerabilities\");\n script_summary(english:\"Checks for SQL injection in admin.php\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A remote web application is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running PHP Surveyor, a set of PHP scripts used to\ndevelop, publish and collect responses from surveys. \n\nThe remote version of this software contains multiple vulnerabilities\nthat can lead to SQL injection, path disclosure and cross-site\nscripting.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/405735\" );\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/07/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:phpsurveyor:phpsurveyor\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"Copyright (C) 2005-2018 Josh Zlatin-Amishav\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"url_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\nif(!can_host_php(port:port)) exit(0);\n\nforeach dir ( cgi_dirs() )\n{\n req = http_get(\n item:string(\n dir, \"/admin/admin.php?\",\n \"sid='\"\n ), \n port:port\n );\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if ( (\"<title>PHP Surveyor</title>\" >< res) && (\"not a valid MySQL result\" >< res))\n {\n security_hole(port);\n\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\tset_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}