Vulnerabilities > Limesurvey > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-19 | CVE-2012-4995 | Cross-Site Scripting vulnerability in Limesurvey Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. | 4.3 |
| 2012-09-19 | CVE-2012-4994 | SQL Injection vulnerability in Limesurvey SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. | 6.5 |
| 2011-09-23 | CVE-2011-3752 | Information Exposure vulnerability in Limesurvey 1.90+ LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files. | 5.0 |
| 2007-10-18 | CVE-2007-5573 | Code Injection vulnerability in Limesurvey 1.01 PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | 6.8 |
| 2007-07-10 | CVE-2007-3632 | Remote Security vulnerability in Limesurvey 1.49Rc2 Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. network limesurvey | 6.8 |