Limesurvey

74 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.09%
  • Published 26.06.2018 16:29:01
  • Last modified 21.11.2024 03:40:05

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF causing admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.

Exploit
  • EPSS 0.46%
  • Published 26.06.2018 16:29:01
  • Last modified 21.11.2024 03:40:05

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.

  • EPSS 0.29%
  • Published 28.02.2018 07:29:00
  • Last modified 21.11.2024 04:12:21

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.

  • EPSS 0.13%
  • Published 09.02.2018 23:29:01
  • Last modified 21.11.2024 03:39:32

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear t...

  • EPSS 0.35%
  • Published 18.06.2015 10:59:01
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.

  • EPSS 0.26%
  • Published 12.02.2013 20:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

  • EPSS 0.33%
  • Published 19.09.2012 19:55:07
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: ...

  • EPSS 0.39%
  • Published 19.09.2012 19:55:07
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third p...

Exploit
  • EPSS 2.14%
  • Published 15.09.2012 17:55:08
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

  • EPSS 0.8%
  • Published 11.05.2009 20:00:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.