CVE-2005-4586 Information

Description

Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid (3) lid (4) gid and (5) token parameters in certain PHP scripts.

Reference

http://secunia.com/advisories/18167 http://sourceforge.net/project/shownotes.php?release_id=381050&group_id=74605 http://www.osvdb.org/22039 http://www.osvdb.org/22184 http://www.phpsurveyor.org/mantis/view.php?id=286 http://www.phpsurveyor.org/mantis/view.php?id=287 http://www.securityfocus.com/bid/16077