CVE-2005-2398

critical

Description

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allow remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/21444

http://www.securityfocus.com/bid/14331

http://www.osvdb.org/18108

http://www.osvdb.org/18107

http://www.osvdb.org/18106

http://www.osvdb.org/18105

http://www.osvdb.org/18104

http://www.osvdb.org/18103

http://www.osvdb.org/18102

http://www.osvdb.org/18101

http://www.osvdb.org/18100

http://www.osvdb.org/18099

http://www.osvdb.org/18098

http://securitytracker.com/id?1014538

http://secunia.com/advisories/16123

http://marc.info/?l=bugtraq&m=112188282401681&w=2

Details

Source: Mitre, NVD

Published: 2005-07-27

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical