CVE-2005-2398 Information

Description

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allow remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php; the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php; or the lid parameter to (10) labels.php or (11) dumplabel.php.

Reference

http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444
