Limesurvey

76 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.68%
  • Published 06.09.2018 17:29:00
  • Last modified 21.11.2024 03:40:20

LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive...

  • EPSS 0.36%
  • Published 03.09.2018 15:29:00
  • Last modified 21.11.2024 03:52:40

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,

Exploit
  • EPSS 0.09%
  • Published 26.06.2018 16:29:01
  • Last modified 21.11.2024 03:40:05

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in admins being made to delete boxes via CSRF. This vulnerability appears to have been fixed in 3.6.x.

Exploit
  • EPSS 0.46%
  • Published 26.06.2018 16:29:01
  • Last modified 21.11.2024 03:40:05

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.

  • EPSS 0.29%
  • Published 28.02.2018 07:29:00
  • Last modified 21.11.2024 04:12:21

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.

  • EPSS 0.13%
  • Published 09.02.2018 23:29:01
  • Last modified 21.11.2024 03:39:32

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear t...

  • EPSS 0.35%
  • Published 18.06.2015 10:59:01
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.

  • EPSS 0.26%
  • Published 12.02.2013 20:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

  • EPSS 0.33%
  • Published 19.09.2012 19:55:07
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: ...

  • EPSS 0.39%
  • Published 19.09.2012 19:55:07
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third p...