| VID |
21824 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The PHP Surveyor is vulnerable to multiple vulnerabilities which exist in version 0.98 and possibly other versions. PHP Surveyor is a set of PHP scripts used to develop, publish online Surveys and collect responses from Surveys. PHP Surveyor version 0.98 and possibly other versions are vulnerable to multiple SQL injection, caused by improper validation of user-supplied input in the sid, start, id, and lid parameters. These vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself. In addition to these vulnerabilities, those softwares are also vulnerable to path disclosure and cross-site scripting vulnerabilities.
* References:
http://securityfocus.com/archive/1/405735
http://secunia.com/advisories/16123/
* Platforms Affected:
phpSurveyor, PHP Surveyor version 0.98 and possibly other versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PHP Surveyor (0.991 or later), available from the phpSurveyor Web site at http://phpsurveyor.org/ |
| Related URL |
CVE-2005-2380,CVE-2005-2381,CVE-2005-2398,CVE-2005-2399 (CVE) |
| Related URL |
14329,14331 (SecurityFocus) |
| Related URL |
21444,21450 (ISS) |
|
