Unrated severityNVD Advisory· Published Jul 27, 2005· Updated Apr 16, 2026

CVE-2005-2398

Description

Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.

Affected products

Php Surveyor/PHP Surveyor
cpe:2.3:a:php_surveyor:php_surveyor:0.98:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/16123nvdVendor Advisory
marc.infonvd
securitytracker.com/idnvd
www.osvdb.org/18098nvd
www.osvdb.org/18099nvd
www.osvdb.org/18100nvd
www.osvdb.org/18101nvd
www.osvdb.org/18102nvd
www.osvdb.org/18103nvd
www.osvdb.org/18104nvd
www.osvdb.org/18105nvd
www.osvdb.org/18106nvd
www.osvdb.org/18107nvd
www.osvdb.org/18108nvd
www.securityfocus.com/bid/14331nvd
exchange.xforce.ibmcloud.com/vulnerabilities/21444nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000