mod_survey For Apache ENV Tags SQL Injection

Nessus Plugin ID 11609 (Severity: High)


The web server module on the remote host has a SQL injection vulnerability.


According to the banner, the remote host is using a vulnerable version of mod_survey, a Perl module for managing online surveys.
This version has a flaw that could result in a SQL injection attack when the module is being used with a database backend. A remote attacker could exploit this to take control of the database.


Upgrade to mod_survey 3.0.14e / 3.0.15pre6 or later.

Plugin Details

Severity: High

ID: 11609

File Name: mod_survey_sql_injection.nasl

Version: $Revision: 1.15 $

Type: remote

Family: Web Servers

Published: 2003/05/09

Modified: 2011/03/12

Dependencies: 10582, 67257, 10107, 17975, 10386

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/03/28

Reference Information

BID: 7192

OSVDB: 4568

Secunia: 11196