Lucene search

[email protected]NVD:CVE-2005-2398

HistoryJul 27, 2005 - 4:00 a.m.

CVE-2005-2398

2005-07-2704:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

Affected configurations

Nvd

Node

php_surveyorphp_surveyorMatch0.98

VendorProductVersionCPE
php_surveyorphp_surveyor0.98cpe:2.3:a:php_surveyor:php_surveyor:0.98:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_surveyor	php_surveyor	0.98	cpe:2.3:a:php_surveyor:php_surveyor:0.98:::::::*

References

marc.info/?l=bugtraq&m=112188282401681&w=2

secunia.com/advisories/16123

securitytracker.com/id?1014538

www.osvdb.org/18098

www.osvdb.org/18099

www.osvdb.org/18100

www.osvdb.org/18101

www.osvdb.org/18102

www.osvdb.org/18103

www.osvdb.org/18104

www.osvdb.org/18105

www.osvdb.org/18106

www.osvdb.org/18107

www.osvdb.org/18108

www.securityfocus.com/bid/14331

exchange.xforce.ibmcloud.com/vulnerabilities/21444

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON

Related for NVD:CVE-2005-2398

cvelist1 cve1 openvas1 nessus1