PHPSurveyor SurveyID Parameter SQL Injection Vulnerability
BID:17633
Info
PHPSurveyor SurveyID Parameter SQL Injection Vulnerability
| Bugtraq ID: | 17633 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2006 12:00AM |
| Updated: | Apr 20 2006 10:41PM |
| Credit: | Discovered by rgod <[email protected]>. |
| Vulnerable: |
PHPSurveyor PHPSurveyor 0.995 |
| Not Vulnerable: | |
Discussion
PHPSurveyor SurveyID Parameter SQL Injection Vulnerability
PHPSurveyor is prone to an SQL-injection vulnerability.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
PHPSurveyor 0.995 is vulnerable to this issue; other versions may also be affected.
PHPSurveyor is prone to an SQL-injection vulnerability.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
PHPSurveyor 0.995 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
PHPSurveyor SurveyID Parameter SQL Injection Vulnerability
This issue can be exploited through a web client.
The following exploit is available:
This issue can be exploited through a web client.
The following exploit is available:
Solution / Fix
PHPSurveyor SurveyID Parameter SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
PHPSurveyor SurveyID Parameter SQL Injection Vulnerability
References:
References: