CVE-2005-2398

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123	Vendor Advisory
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444
http://marc.info/?l=bugtraq&m=112188282401681&w=2
http://secunia.com/advisories/16123	Vendor Advisory
http://securitytracker.com/id?1014538
http://www.osvdb.org/18098
http://www.osvdb.org/18099
http://www.osvdb.org/18100
http://www.osvdb.org/18101
http://www.osvdb.org/18102
http://www.osvdb.org/18103
http://www.osvdb.org/18104
http://www.osvdb.org/18105
http://www.osvdb.org/18106
http://www.osvdb.org/18107
http://www.osvdb.org/18108
http://www.securityfocus.com/bid/14331
https://exchange.xforce.ibmcloud.com/vulnerabilities/21444

Configurations

Configuration 1 (hide)

cpe:2.3:a:php_surveyor:php_surveyor:0.98:*:*:*:*:*:*:*

History

20 Nov 2024, 23:59

Information

Published : 2005-07-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-2398

Mitre link : CVE-2005-2398

CVE.ORG link : CVE-2005-2398

JSON object : View

Products Affected

php_surveyor

php_surveyor

CWE

NVD-CWE-Other

{"id": "CVE-2005-2398", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-07-27T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112188282401681&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16123", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014538", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18098", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18099", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18100", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18101", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18102", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18103", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18104", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18105", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18106", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18107", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18108", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14331", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21444", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=112188282401681&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/16123", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1014538", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18098", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18099", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18100", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18101", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18102", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18103", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18104", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18105", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18106", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18107", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18108", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/14331", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21444", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en PHP Surveyor 0.98 permite que atacantes remotos ejecuten comandos SQL mediante: (1) par\u00e1metros sid, start, e id en browse.php, par\u00e1metro sid en (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, y (9) statistics.php, y par\u00e1metro lid en (10) labels.php y (11) dumplabel.php."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php_surveyor:php_surveyor:0.98:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E91066-133F-4946-B355-A951753A3D3F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10