PHPSurveyor Sid SQL Injection Flaw Network Vulnerability

Summary

The remote web server contains a PHP script that is affected by a SQL injection flaw. Description: The remote host is running PHPSurveyor, a set of PHP scripts that interact with MySQL to develop surveys, publish surveys and collect responses to surveys. The remote version of this software is prone to a SQL injection flaw. Using specially crafted requests, an attacker can manipulate database queries on the remote system.

Solution

Upgrade to PHPSurveyor version 0.991 or later.

References

http://sourceforge.net/project/shownotes.php?release_id=381050&group_id=74605
http://www.phpsurveyor.org/mantis/view.php?id=286

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-4586

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AproxEngine Multiple Remote Input Validation Vulnerabilities
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
AdMentor Login Flaw
Adobe ColdFusion Information Disclosure Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability

PHPSurveyor sid SQL Injection Flaw

Take action and discover your vulnerabilities