Unrated severity · NVD Advisory · Published Apr 27, 2006 · Updated Apr 16, 2026
CVE-2006-2065
Description
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
Affected products
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.96_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.97_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.98_stable:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.991:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.992:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.993:*:*:*:*:*:*:*
- cpe:2.3:a:phpsurveyor:phpsurveyor:0.995:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/19761 (nvd; Patch, Vendor Advisory)
- retrogod.altervista.org/phpsurveyor_0995_xpl.html (nvd; Exploit)
- securitytracker.com/id (nvd)
- www.osvdb.org/24787 (nvd)
- www.securityfocus.com/archive/1/431508/100/0/threaded (nvd)
- www.securityfocus.com/bid/17633 (nvd)
- www.vupen.com/english/advisories/2006/1451 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/25970 (nvd)