VYPR
Unrated severityNVD Advisory· Published Apr 27, 2006· Updated Jun 16, 2026

CVE-2006-2065

CVE-2006-2065

Description

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:*:*:*:*:*:*:*
    • cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:*:*:*:*:*:*:*
    • (no CPE)range: <=0.995

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.