CVE-2005-2398

Sažetak

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

Reference

http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

27-07-2005 - 04:00