Vulnerabilities > Limesurvey > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-15 | CVE-2022-43279 | SQL Injection vulnerability in Limesurvey 5.4.4 LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | 7.2 |
2021-02-14 | CVE-2019-25019 | SQL Injection vulnerability in Limesurvey LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | 7.5 |
2020-04-01 | CVE-2020-11455 | Path Traversal vulnerability in Limesurvey LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | 7.5 |
2019-09-09 | CVE-2019-16184 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Limesurvey A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. | 7.5 |
2019-03-24 | CVE-2019-9960 | Path Traversal vulnerability in Limesurvey The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 7.5 |
2018-09-14 | CVE-2018-17057 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in TCPDF before 6.2.22. | 7.5 |
2014-07-21 | CVE-2014-5017 | SQL Injection vulnerability in Limesurvey 2.05+ SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. | 7.5 |
2012-09-15 | CVE-2012-4927 | SQL Injection vulnerability in Limesurvey SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | 7.5 |