CVE-2015-4628
- EPSS 1.56%
- Veröffentlicht 18.06.2015 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2011-5256
- EPSS 0.9%
- Veröffentlicht 12.02.2013 20:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
CVE-2012-4995
- EPSS 1.16%
- Veröffentlicht 19.09.2012 19:55:07
- Zuletzt bearbeitet 16.06.2026 23:46:02
Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: ...
CVE-2012-4994
- EPSS 1.04%
- Veröffentlicht 19.09.2012 19:55:07
- Zuletzt bearbeitet 16.06.2026 23:46:02
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third p...
CVE-2012-4927
- EPSS 2.24%
- Veröffentlicht 15.09.2012 17:55:08
- Zuletzt bearbeitet 16.06.2026 23:45:54
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
CVE-2009-1604
- EPSS 1.83%
- Veröffentlicht 11.05.2009 20:00:00
- Zuletzt bearbeitet 16.06.2026 23:07:37
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.
CVE-2008-2571
- EPSS 1.11%
- Veröffentlicht 06.06.2008 18:32:00
- Zuletzt bearbeitet 16.06.2026 22:54:01
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
CVE-2008-2570
- EPSS 1.31%
- Veröffentlicht 06.06.2008 18:32:00
- Zuletzt bearbeitet 16.06.2026 22:54:00
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
CVE-2007-5573
- EPSS 2.57%
- Veröffentlicht 18.10.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:46:25
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-3632
- EPSS 61.51%
- Veröffentlicht 10.07.2007 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:25
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Wr...