Unrated severityNVD Advisory· Published Apr 27, 2006· Updated Jun 16, 2026
CVE-2006-2065
CVE-2006-2065
Description
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:*:*:*:*:*:*:*
- (no CPE)range: <=0.995
Patches
Vulnerability mechanics
References
8- secunia.com/advisories/19761nvdPatchVendor Advisory
- retrogod.altervista.org/phpsurveyor_0995_xpl.htmlnvdExploit
- securitytracker.com/idnvd
- www.osvdb.org/24787nvd
- www.securityfocus.com/archive/1/431508/100/0/threadednvd
- www.securityfocus.com/bid/17633nvd
- www.vupen.com/english/advisories/2006/1451nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25970nvd
News mentions
0No linked articles in our index yet.