Vulnerabilities > Limesurvey > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-11-15 | CVE-2022-43279 | SQL Injection vulnerability in Limesurvey 5.4.4 | LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | network | low | limesurvey | CWE-89 | 7.2 |
| 2021-02-14 | CVE-2019-25019 | SQL Injection vulnerability in Limesurvey | LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | network | low | limesurvey | CWE-89 | 7.5 |
| 2020-04-01 | CVE-2020-11455 | Path Traversal vulnerability in Limesurvey | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | network | low | limesurvey | CWE-22 | 7.5 |
| 2019-09-09 | CVE-2019-16184 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Limesurvey | A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. | network | low | limesurvey | CWE-1236 | 7.5 |
| 2019-03-24 | CVE-2019-9960 | Path Traversal vulnerability in Limesurvey | The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | network | low | limesurvey | CWE-22 | 7.5 |
| 2018-09-14 | CVE-2018-17057 | Deserialization of Untrusted Data vulnerability in multiple products | An issue was discovered in TCPDF before 6.2.22. | network | low | tecnick, limesurvey | CWE-502 | 7.5 |
| 2014-07-21 | CVE-2014-5017 | SQL Injection vulnerability in Limesurvey 2.05+ | SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. | network | low | limesurvey | CWE-89 | 7.5 |
| 2012-09-15 | CVE-2012-4927 | SQL Injection vulnerability in Limesurvey | SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. | network | low | limesurvey | CWE-89 | 7.5 |