PT-2005-3295 · Php · Php Surveyor

Tgo · Published 2005-07-26 · Updated 2016-10-18 · CVE-2005-2381

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
PHP Surveyor version 0.98

Description
Remote attackers can obtain sensitive information, namely the path revealed in an error message, either by sending direct requests to various PHP files, including question.php, survey.php, group.php, database.php, sessioncontrol.php, and html.php, or by supplying invalid parameters such as qid to dumpquestion.php, or lid to labels.php or dumplabel.php.

Recommendations
For PHP Surveyor version 0.98, consider restricting access to the sensitive PHP files and validating user input to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the question.php, survey.php, group.php, database.php, sessioncontrol.php, and html.php files, and validate the qid and lid parameters in dumpquestion.php, labels.php, and dumplabel.php so that they cannot trigger error messages that reveal the path.
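
To check whether the requests described above are reaching a server, the following added example (not part of the original advisory or of PHP Surveyor) flags them in a web access log. The log lines and the /phpsurveyor/ paths are constructed, and treating a valid qid or lid as a plain run of digits is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Files the advisory lists as revealing the path when requested directly.
DIRECT_FILES = {"question.php", "survey.php", "group.php",
                "database.php", "sessioncontrol.php", "html.php"}
# Script -> parameter the advisory names as triggering the error when invalid.
ID_PARAMS = {"dumpquestion.php": "qid", "labels.php": "lid", "dumplabel.php": "lid"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS = re.compile(r"[0-9]+")  # assumption: valid ids are plain integers

def classify(line):
    """Return a finding string for one access-log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script in DIRECT_FILES:
        return f"direct request to {script}"
    param = ID_PARAMS.get(script)
    if param is None:
        return None
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        # PHP turns "lid[]=1" into an array, so a bracketed key is invalid too.
        if key.split("[", 1)[0] != param:
            continue
        if key != param or any(not DIGITS.fullmatch(v) for v in values):
            return f"invalid {param} sent to {script}"
    return None

def scan(lines):
    """Return (line_number, finding) for every flagged line."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := classify(line))]

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jul/2005:10:00:01 +0000] "GET /phpsurveyor/index.php?sid=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jul/2005:10:00:05 +0000] "GET /phpsurveyor/survey.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [26/Jul/2005:10:00:06 +0000] "GET /phpsurveyor/admin/dumpquestion.php?qid=abc HTTP/1.1" 200 298',
    '192.0.2.10 - - [26/Jul/2005:10:00:09 +0000] "GET /phpsurveyor/admin/labels.php?lid=4 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [26/Jul/2005:10:00:11 +0000] "GET /phpsurveyor/admin/dumplabel.php?lid[]=1 HTTP/1.1" 200 301',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

Requests that omit qid or lid entirely are not flagged, since the advisory does not say whether a missing parameter triggers the error.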

Fix

Related identifiers

CVE-2005-2381

Affected products

Php Surveyor