CVE-2006-2065

Name of the Vulnerable Software and Affected Versions PHPSurveyor versions 0.995 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the surveyid cookie in the save.php file. This could potentially be leveraged to execute arbitrary PHP code by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

Recommendations For PHPSurveyor versions 0.995 and earlier, consider restricting access to the save.php file until a fix is available. As a temporary workaround, avoid using the surveyid cookie in the save.php file to minimize the risk of exploitation.