MidnightBSD

Advisories for phpsurveyor

CVE-2005-4586 HIGH

Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpsurveyor phpsurveyor 0.99
CVE-2006-2065 HIGH

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpsurveyor phpsurveyor 0.99
phpsurveyor phpsurveyor 0.98_stable
phpsurveyor phpsurveyor 0.96_beta
phpsurveyor phpsurveyor 0.97_beta
phpsurveyor phpsurveyor 0.991
phpsurveyor phpsurveyor 0.992
phpsurveyor phpsurveyor 0.995
phpsurveyor phpsurveyor 0.993
phpsurveyor phpsurveyor 0.98_beta