MidnightBSD

Advisories for php_surveyor

CVE-2005-2380 MEDIUM

Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_surveyor php_surveyor 0.98
CVE-2005-2381 MEDIUM

PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_surveyor php_surveyor 0.98
CVE-2005-2398 HIGH

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_surveyor php_surveyor 0.98
CVE-2005-2399 HIGH

PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_surveyor php_surveyor 0.98