Phpsurveyor » Phpsurveyor : Security Vulnerabilities, CVEs,
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
Max CVSS
7.5
EPSS Score
0.78%
Published
2006-04-27
Updated
2018-10-18
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.
Max CVSS
7.5
EPSS Score
0.75%
Published
2005-12-30
Updated
2008-09-05
2 vulnerabilities found