PT-2018-18153 · Limesurvey · Limesurvey

Published

2018-02-28

Updated

2018-03-23

CVE-2018-7556

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions LimeSurvey versions 2.6.x through 2.6.6 LimeSurvey versions 2.7x.x through 2.73.0 LimeSurvey versions 3.x through 3.4.1

Description The issue arises from the mishandling of the application/controller/InstallerController.php file after installation. This mishandling allows remote attackers to access the configuration file.

Recommendations For LimeSurvey versions 2.6.x through 2.6.6, update to version 2.6.7 or later. For LimeSurvey versions 2.7x.x through 2.73.0, update to version 2.73.1 or later. For LimeSurvey versions 3.x through 3.4.1, update to version 3.4.2 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-7556

Affected Products

Limesurvey

PT-2018-18153 · Limesurvey · Limesurvey

CVE-2018-7556

Weakness Enumeration

Related Identifiers

Affected Products

References · 3