CVE-2006-2065 - Vulnerability Details - OpenCVE

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpsurveyor	Phpsurveyor

Configuration 1 [-]

OR	cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:::::::*
	cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:::::::*

No data.

References

Link	Providers
http://retrogod.altervista.org/phpsurveyor_0995_xpl.html
http://secunia.com/advisories/19761
http://securitytracker.com/id?1015970
http://www.osvdb.org/24787
http://www.securityfocus.com/archive/1/431508/100/0/threaded
http://www.securityfocus.com/bid/17633
http://www.vupen.com/english/advisories/2006/1451
https://exchange.xforce.ibmcloud.com/vulnerabilities/25970

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-27T10:00:00

Updated: 2024-08-07T17:35:31.130Z

Reserved: 2006-04-26T00:00:00

Link: CVE-2006-2065

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-27T13:34:00.000

Modified: 2024-11-21T00:10:28.500

Link: CVE-2006-2065

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17633", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17633"}, {"name": "20060420 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded"}, {"name": "19761", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19761"}, {"name": "1015970", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015970"}, {"name": "phpsurveyor-surveyid-shell-execution(25970)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html"}, {"name": "24787", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24787"}, {"name": "ADV-2006-1451", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1451"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2065", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17633", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17633"}, {"name": "20060420 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded"}, {"name": "19761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19761"}, {"name": "1015970", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015970"}, {"name": "phpsurveyor-surveyid-shell-execution(25970)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970"}, {"name": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html"}, {"name": "24787", "refsource": "OSVDB", "url": "http://www.osvdb.org/24787"}, {"name": "ADV-2006-1451", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1451"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:35:31.130Z"}, "title": "CVE Program Container", "references": [{"name": "17633", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17633"}, {"name": "20060420 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded"}, {"name": "19761", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19761"}, {"name": "1015970", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015970"}, {"name": "phpsurveyor-surveyid-shell-execution(25970)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html"}, {"name": "24787", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24787"}, {"name": "ADV-2006-1451", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1451"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2065", "datePublished": "2006-04-27T10:00:00", "dateReserved": "2006-04-26T00:00:00", "dateUpdated": "2024-08-07T17:35:31.130Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1F82FE01-FC91-4259-A53D-4D03FCB0DCCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:*:*:*:*:*:*:*", "matchCriteriaId": "086A5B9A-B3A2-42FC-B76C-D61225217762", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:*:*:*:*:*:*:*", "matchCriteriaId": "7DAD67BC-BA23-4692-B333-D5F412DB7B88", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:*:*:*:*:*:*:*", "matchCriteriaId": "F9467C7F-8283-4717-AA0F-AB1E745C5CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "1BA0CC28-1114-4CFC-B445-2FDF5D972AD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:*:*:*:*:*:*:*", "matchCriteriaId": "1CCB1FA7-3DA0-42C1-B426-B07A15C86F0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:*:*:*:*:*:*:*", "matchCriteriaId": "BDAC784E-B1D7-486E-940C-09BC34855BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:*:*:*:*:*:*:*", "matchCriteriaId": "B6D7CDFC-5911-431E-ABD9-E864A71F8146", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:*:*:*:*:*:*:*", "matchCriteriaId": "8A0EF001-46CB-4D68-B451-5206E8F6DD3C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en save.php en PHPSurveyor 0.995 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de la cookie surveyid. NOTA: este caso podr\u00eda ser aprovechado para ejecutar c\u00f3digo PHP arbitrario, como se demuestra mediante la inserci\u00f3n secuencias de salto de directorio dentro de la base de dato, que luego son procesado por la variable thissurvey['language']."}], "id": "CVE-2006-2065", "lastModified": "2024-11-21T00:10:28.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-27T13:34:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19761"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015970"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24787"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17633"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1451"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}