Unknown · Limesurvey · CVE-2024-6933
**Name of the Vulnerable Software and Affected Versions**
LimeSurvey version 6.5.14-240624
**Description**
A critical issue has been found in LimeSurvey 6.5.14-240624, affecting the function `actionUpdateSurveyLocaleSettingsGeneralSettings` of the component Survey General Settings Handler, reached through the endpoint `/index.php?r=admin/database/index/updatesurveylocalesettingsgeneralsettings`. Manipulation of the `language` argument leads to SQL injection: the value is used to build a query without being validated or bound as a parameter. The issue can be exploited remotely, and an exploit has been disclosed to the public.
**Recommendations**
For LimeSurvey version 6.5.14-240624, as a temporary workaround, consider disabling the `actionUpdateSurveyLocaleSettingsGeneralSettings` function until a patch is available. Restrict access to the `/index.php?r=admin/database/index/updatesurveylocalesettingsgeneralsettings` endpoint (for example, to trusted administrator networks at the web server or reverse proxy) to minimize the risk of exploitation. Treat the `language` argument of the affected endpoint as untrusted until the issue is resolved: reject any value that is not a known survey language code, and make sure it reaches the database only as a bound query parameter, never by string concatenation. At the moment, there is no information about a newer version that contains a fix for this issue.
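The pattern behind the vulnerability and the two defences recommended above (allowlist validation of `language` plus parameterised queries), as an added, self-contained example. This is not LimeSurvey's code: the table and column names (`surveys_languagesettings`, `surveyls_survey_id`, `surveyls_language`, `surveyls_title`), the sample rows and the language-code regex are illustrative assumptions, and SQLite stands in for the site database.

```python
import re
import sqlite3

# Constructed sample schema (an assumption for this example, not LimeSurvey's
# real schema): one row of per-language settings per survey and language.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE surveys_languagesettings (
            surveyls_survey_id INTEGER NOT NULL,
            surveyls_language  TEXT    NOT NULL,
            surveyls_title     TEXT    NOT NULL
        );
        INSERT INTO surveys_languagesettings VALUES (1, 'en', 'Customer survey');
        INSERT INTO surveys_languagesettings VALUES (1, 'de', 'Kundenumfrage');
        INSERT INTO surveys_languagesettings VALUES (2, 'en', 'Staff survey');
    """)
    return conn


def update_title_vulnerable(conn, survey_id: int, language: str, title: str) -> int:
    # Vulnerable pattern: the attacker-controlled `language` value is
    # interpolated straight into the SQL text, so quotes in it change the
    # query structure. Returns the number of rows the UPDATE touched.
    sql = ("UPDATE surveys_languagesettings SET surveyls_title = ? "
           f"WHERE surveyls_survey_id = {int(survey_id)} "
           f"AND surveyls_language = '{language}'")
    cur = conn.execute(sql, (title,))
    conn.commit()
    return cur.rowcount


# Assumed shape of acceptable language codes ("en", "de-informal", "pt-BR").
# A stricter allowlist would be the survey's own configured language list.
LANGUAGE_RE = re.compile(r"^[A-Za-z]{2,3}(?:-[A-Za-z]{2,10})?$")


def validate_language(language: str) -> bool:
    return LANGUAGE_RE.fullmatch(language) is not None


def update_title_safe(conn, survey_id: int, language: str, title: str) -> int:
    # Hardened form: reject anything that is not a plausible language code,
    # and bind every user-supplied value as a query parameter.
    if not validate_language(language):
        raise ValueError(f"invalid language code: {language!r}")
    cur = conn.execute(
        "UPDATE surveys_languagesettings SET surveyls_title = ? "
        "WHERE surveyls_survey_id = ? AND surveyls_language = ?",
        (title, int(survey_id), language),
    )
    conn.commit()
    return cur.rowcount


def demo() -> dict:
    # Constructed payload: the closing quote turns the WHERE clause into
    #   ... AND surveyls_language = 'en' OR '1'='1'
    # which matches every row in the table, not just survey 1 / 'en'.
    payload = "en' OR '1'='1"
    vulnerable_rows = update_title_vulnerable(make_db(), 1, payload, "pwned")
    safe_rows = update_title_safe(make_db(), 1, "en", "Customer survey v2")
    try:
        update_title_safe(make_db(), 1, payload, "pwned")
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_rows": vulnerable_rows,  # all 3 rows rewritten
        "safe_rows": safe_rows,              # exactly the intended row
        "payload_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Because `AND` binds tighter than `OR`, the injected `OR '1'='1'` makes the vulnerable UPDATE rewrite every survey's title across all languages; with the parameterised version the same payload is simply a string that matches no row, and the allowlist check rejects it before the query is even built.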