Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2065
Last Modified 05 Sep 2008 05:03:34
Published 27 Apr 2006 09:34:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2065

Summary

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

Vulnerable Systems

Application

  • Phpsurveyor 0.96 Beta

  • Phpsurveyor 0.97 Beta

  • Phpsurveyor 0.98 Beta

  • Phpsurveyor 0.98 Stable

  • Phpsurveyor 0.99

  • Phpsurveyor 0.991

  • Phpsurveyor 0.992

  • Phpsurveyor 0.993

  • Phpsurveyor 0.995


References

SECUNIA - 19761

SECTRACK - 1015970

MISC - http://retrogod.altervista.org/phpsurveyor_0995_xpl.html

XF - phpsurveyor-surveyid-shell-execution(25970)

BID - 17633

BUGTRAQ - 20060420 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn

OSVDB - 24787


Last Updated: 27 May 2016 10:42:19