PT-2005-3313 · Php · Php Surveyor
Tgo · Published 2005-07-27 · Updated 2016-10-18 · CVE-2005-2399
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP Surveyor version 0.98
Description
The issue allows remote attackers to trigger SQL errors by omitting parameters to specific API endpoints, including "browse.php", "export.php", "conditions.php", and "spss.php".
Recommendations
For PHP Surveyor version 0.98, consider restricting access to the mentioned API endpoints until a fix is available, and ensure that all parameters are properly validated and sanitized to prevent SQL errors.
Fix
Related Identifiers
Affected Products
Php Surveyor