CVE-2006-2065

Published: 27 Apr. 2006
Source: nvd
CVSS2: 7.5
EPSS: Low

Description

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:*:*:*:*:*:*:*
cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:*:*:*:*:*:*:*

EPSS

Percentile: 78%
0.01146
Low

CVSS2

7.5 High

Weaknesses

NVD-CWE-Other

Related vulnerabilities

github
almost 4 years ago

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

EPSS

Percentile: 78%
0.01146
Low

CVSS2

7.5 High

Weaknesses

NVD-CWE-Other