CVE-2006-2065
Last modified
CVE-2006-2065 is a vulnerability of currently unknown severity. SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.. EPSS estimates a 1.71% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phpsurveyor | Phpsurveyor | 0.96_beta |
| Phpsurveyor | Phpsurveyor | 0.97_beta |
| Phpsurveyor | Phpsurveyor | 0.98_beta |
| Phpsurveyor | Phpsurveyor | 0.98_stable |
| Phpsurveyor | Phpsurveyor | 0.99 |
| Phpsurveyor | Phpsurveyor | 0.991 |
| Phpsurveyor | Phpsurveyor | 0.992 |
| Phpsurveyor | Phpsurveyor | 0.993 |
| Phpsurveyor | Phpsurveyor | 0.995 |
References
- http://secunia.com/advisories/19761Patch, Vendor Advisory
- http://secunia.com/advisories/19761Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-2065?
How severe is CVE-2006-2065?
How do I fix CVE-2006-2065?
Are you affected by CVE-2006-2065?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST