CVE-2006-2065
CVE-2006-2065
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/1701unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://retrogod.altervista.org/phpsurveyor_0995_xpl.htmlhttp://secunia.com/advisories/19761http://securitytracker.com/id?1015970https://exchange.xforce.ibmcloud.com/vulnerabilities/25970http://www.osvdb.org/24787http://www.securityfocus.com/archive/1/431508/100/0/threadedhttp://www.securityfocus.com/bid/17633http://www.vupen.com/english/advisories/2006/1451