PT-2015-6770 · Limesurvey · Limesurvey

Published

2015-06-28

Updated

2016-12-07

CVE-2015-5078

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LimeSurvey versions 2.06 and later

Description The issue allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter in the insert function in application/controllers/admin/dataentry.php.

Recommendations For LimeSurvey versions 2.06 and later, update to a version that includes a fix for this issue, as using the closedate parameter can lead to execution of arbitrary SQL commands.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2015-5078

Affected Products

Limesurvey

PT-2015-6770 · Limesurvey · Limesurvey

CVE-2015-5078

Weakness Enumeration

Related Identifiers

Affected Products

References · 5