CVE-2006-2065

Published: 27/04/2006 Updated: 18/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and previous versions allows remote malicious users to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
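The bug class described above, as an added example that is neither PHPSurveyor's code nor rgod's exploit: a Python/sqlite3 model in which the surveyid cookie is interpolated into an INSERT, a value written through that injection is later read back as the survey language and turned into an include path, and a fixed variant that binds the parameter and allowlists the language before building the path. The table name, column layout, LANG_ROOT and the allowed-language set are assumptions of the model; the real save.php query and file layout are not shown on this page.

```python
"""Model of the CVE-2006-2065 bug class (added example, not PHPSurveyor code):
an untrusted cookie reaches SQL unescaped, and a database value reaches a
file path unchecked."""
import posixpath
import sqlite3

# Assumed layout for the model; PHPSurveyor's real paths and tables differ.
LANG_ROOT = "/var/www/survey/lang"
ALLOWED_LANGS = {"en", "de", "it"}


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the saved-survey table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE saved (id INTEGER PRIMARY KEY, sid INTEGER, language TEXT)"
    )
    return con


def save_vulnerable(con: sqlite3.Connection, cookies: dict) -> None:
    """The save.php pattern: the surveyid cookie is pasted into the statement,
    so the attacker controls everything after 'VALUES ('."""
    sid = cookies["surveyid"]
    con.execute(f"INSERT INTO saved (sid, language) VALUES ({sid}, 'en')")
    con.commit()


def save_fixed(con: sqlite3.Connection, cookies: dict) -> None:
    """Bound parameter plus a type check: a cookie that is not an integer
    never reaches the SQL engine as SQL."""
    sid = int(cookies["surveyid"])  # raises ValueError on any injection attempt
    con.execute("INSERT INTO saved (sid, language) VALUES (?, 'en')", (sid,))
    con.commit()


def stored_language(con: sqlite3.Connection, row_id: int) -> str:
    """Reads back the value that becomes $thissurvey['language']."""
    (lang,) = con.execute(
        "SELECT language FROM saved WHERE id = ?", (row_id,)
    ).fetchone()
    return lang


def language_file_vulnerable(con: sqlite3.Connection, row_id: int) -> str:
    """Builds the include path straight from the stored value, so traversal
    sequences written through the injection walk out of LANG_ROOT."""
    return posixpath.normpath(f"{LANG_ROOT}/{stored_language(con, row_id)}.php")


def language_file_fixed(con: sqlite3.Connection, row_id: int) -> str:
    """Allowlist the language, then re-check that the normalised path is
    still inside LANG_ROOT (defence in depth against any other write path)."""
    lang = stored_language(con, row_id)
    if lang not in ALLOWED_LANGS:
        raise ValueError(f"unknown survey language {lang!r}")
    path = posixpath.normpath(f"{LANG_ROOT}/{lang}.php")
    if not path.startswith(LANG_ROOT + "/"):
        raise ValueError(f"language path escapes {LANG_ROOT}: {path}")
    return path


# Constructed cookie: closes the VALUES tuple with a traversal string and
# comments out the rest of the original statement.
INJECTED_COOKIE = {"surveyid": "1, '../../../../tmp/evil') -- "}
HONEST_COOKIE = {"surveyid": "1"}


def demo() -> dict:
    """Runs both variants against the same cookies; returns results for inspection."""
    vuln = make_db()
    save_vulnerable(vuln, INJECTED_COOKIE)
    results = {
        "stored": stored_language(vuln, 1),
        "vulnerable_path": language_file_vulnerable(vuln, 1),
    }
    fixed = make_db()
    try:
        save_fixed(fixed, INJECTED_COOKIE)
        results["fixed_rejects_cookie"] = False
    except ValueError:
        results["fixed_rejects_cookie"] = True
    save_fixed(fixed, HONEST_COOKIE)
    results["fixed_path"] = language_file_fixed(fixed, 1)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parameterised INSERT closes the injection; the allowlist on the language column is the second, independent fix, because the NOTE in the summary shows that the SQL injection was only the delivery mechanism for a traversal value that a later include trusted.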

Vulnerable Products

phpsurveyor phpsurveyor 0.96 beta
phpsurveyor phpsurveyor 0.97 beta
phpsurveyor phpsurveyor 0.98 beta
phpsurveyor phpsurveyor 0.98 stable
phpsurveyor phpsurveyor 0.99
phpsurveyor phpsurveyor 0.991
phpsurveyor phpsurveyor 0.992
phpsurveyor phpsurveyor 0.993
phpsurveyor phpsurveyor 0.995

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "********************************************************************\r\n";
echo "* PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn *\r\n";
echo "* by rgod rgod@autistici.org site: retrogod.altervista.org *\r\n";
echo "* a special tnX goes to Frozen for his dork! ...