Vulnerabilities > Limesurvey

DATE CVE VULNERABILITY TITLE RISK
2013-02-12 CVE-2011-5256 Cross-Site Scripting vulnerability in Limesurvey
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
network
high complexity
limesurvey CWE-79
2.6
2012-09-19 CVE-2012-4995 Cross-Site Scripting vulnerability in Limesurvey
Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php.
network
limesurvey CWE-79
4.3
2012-09-19 CVE-2012-4994 SQL Injection vulnerability in Limesurvey
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action.
network
low complexity
limesurvey CWE-89
6.5
2012-09-15 CVE-2012-4927 SQL Injection vulnerability in Limesurvey
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
network
low complexity
limesurvey CWE-89
7.5
2011-09-23 CVE-2011-3752 Information Exposure vulnerability in Limesurvey 1.90+
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
network
low complexity
limesurvey CWE-200
5.0
2009-05-11 CVE-2009-1604 Remote Code Execution vulnerability in LimeSurvey '/admin/remotecontrol'
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/.
network
low complexity
limesurvey
7.5
2008-06-06 CVE-2008-2571 Cross-Site Scripting vulnerability in Limesurvey
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
network
limesurvey CWE-79
4.3
2008-06-06 CVE-2008-2570 Remote vulnerability in LimeSurvey Prior to 1.71
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
network
limesurvey
critical
9.3
2007-10-18 CVE-2007-5573 Code Injection vulnerability in Limesurvey 1.01
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
network
limesurvey CWE-94
6.8
2007-07-10 CVE-2007-3632 Remote Security vulnerability in Limesurvey 1.49Rc2
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.
network
limesurvey
6.8