Vulnerabilities > Limesurvey > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-15 | CVE-2022-43279 | SQL Injection vulnerability in Limesurvey 5.4.4: LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | 7.2 |
2022-02-24 | CVE-2021-44967 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.2.4: A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | 8.8 |
2019-09-09 | CVE-2019-16187 | Incorrect Permission Assignment for Critical Resource vulnerability in Limesurvey: Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | 7.5 |
2019-09-09 | CVE-2019-16186 | Incorrect Default Permissions vulnerability in Limesurvey: In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | 7.2 |
2019-09-09 | CVE-2019-16185 | Incorrect Default Permissions vulnerability in Limesurvey: In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. | 7.2 |
2019-09-09 | CVE-2019-16177 | Information Exposure vulnerability in Limesurvey: In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | 7.5 |
2019-09-09 | CVE-2019-16174 | XXE vulnerability in Limesurvey: An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 8.8 |
2019-08-26 | CVE-2019-15640 | Improper Input Validation vulnerability in Limesurvey: Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. | 7.5 |
2018-09-06 | CVE-2018-1000659 | Path Traversal vulnerability in Limesurvey: LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell, which can result in remote code execution as an authenticated user. | 8.8 |
2018-09-06 | CVE-2018-1000658 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey: LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. | 8.8 |