CVE-2005-4586

Name of the Vulnerable Software and Affected Versions PHPSurveyor versions prior to 0.991

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the sql parameter in "browse.php" and the sid, lid, gid, and token parameters in certain PHP scripts.

Recommendations For versions prior to 0.991, update to version 0.991 or later to resolve the issue. As a temporary workaround, consider restricting access to the "browse.php" script and the parameters sid, lid, gid, and token in affected PHP scripts to minimize the risk of exploitation.