CVE-2018-17057
- EPSS 52.13%
- Published 14.09.2018 20:29:00
- Last modified 21.11.2024 03:53:47
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVE-2018-1000659
- EPSS 2.05%
- Published 06.09.2018 17:29:00
- Last modified 21.11.2024 03:40:20
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exp...
CVE-2018-1000658
- EPSS 0.68%
- Published 06.09.2018 17:29:00
- Last modified 21.11.2024 03:40:20
LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive...
CVE-2018-16397
- EPSS 0.36%
- Published 03.09.2018 15:29:00
- Last modified 21.11.2024 03:52:40
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
CVE-2018-1000514
- EPSS 0.09%
- Published 26.06.2018 16:29:01
- Last modified 21.11.2024 03:40:05
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF causing admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.
CVE-2018-1000513
- EPSS 0.46%
- Published 26.06.2018 16:29:01
- Last modified 21.11.2024 03:40:05
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.
CVE-2018-7556
- EPSS 0.29%
- Published 28.02.2018 07:29:00
- Last modified 21.11.2024 04:12:21
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
CVE-2018-1000053
- EPSS 0.13%
- Published 09.02.2018 23:29:01
- Last modified 21.11.2024 03:39:32
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appears t...
CVE-2015-4628
- EPSS 0.35%
- Published 18.06.2015 10:59:01
- Last modified 06.05.2026 22:30:45
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2011-5256
- EPSS 0.26%
- Published 12.02.2013 20:55:01
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.