Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4586

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4586
Last Modified 05 Sep 2008 04:57:15
Published 30 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4586

Summary

Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.

Vulnerable Systems

Application

  • Phpsurveyor 0.99


References

BID - 16077

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=381050&group_id=74605

SECUNIA - 18167

CONFIRM - http://www.phpsurveyor.org/mantis/view.php?id=287

CONFIRM - http://www.phpsurveyor.org/mantis/view.php?id=286

OSVDB - 22184

OSVDB - 22039


Last Updated: 27 May 2016 10:41:22