Sql injection

2006-04-2713:34:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey[‘language’] variable.

CPENameOperatorVersion
phpsurveyoreq0.99
phpsurveyoreq0.97.0-beta
phpsurveyoreq0.96.0-beta
phpsurveyoreq0.992
phpsurveyoreq0.995
phpsurveyoreq0.993
phpsurveyoreq0.991
phpsurveyoreq0.98.0-stable
phpsurveyoreq0.98.0-beta

Name	Operator	Version
phpsurveyor	eq	0.99
phpsurveyor	eq	0.97.0-beta
phpsurveyor	eq	0.96.0-beta
phpsurveyor	eq	0.992
phpsurveyor	eq	0.995
phpsurveyor	eq	0.993
phpsurveyor	eq	0.991
phpsurveyor	eq	0.98.0-stable
phpsurveyor	eq	0.98.0-beta

References

retrogod.altervista.org/phpsurveyor_0995_xpl.html

secunia.com/advisories/19761

securitytracker.com/id?1015970

www.osvdb.org/24787

www.securityfocus.com/archive/1/431508/100/0/threaded

www.securityfocus.com/bid/17633

www.vupen.com/english/advisories/2006/1451

exchange.xforce.ibmcloud.com/vulnerabilities/25970