Multiple SQL injection vulnerabilities in PHPSurveyor prior to 0.991 allow remote malicious users to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpsurveyor phpsurveyor 0.99 |