PT-2025-47571 · Unknown+1 · Mysql Server+3

Published: 2025-11-20 · Updated: 2025-11-22 · CVE-2025-41076

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

LimeSurvey version 6.13.0

Description

A flaw exists that allows an external user to trigger a 500 error within the survey system by submitting a crafted session cookie. The resulting error response discloses internal backend details, including the use of the Yii framework and the MySQL/MariaDB database engine. Specifically, the table name lime_sessions, primary keys, and portions of conflicting content are revealed. This information could aid an attacker in gathering data about the application's internal structure.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing stricter input validation for session cookies to prevent the submission of malformed data.

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BIT-LIMESURVEY-2025-41076
CVE-2025-41076

Affected Products

LimeSurvey
MariaDB
MySQL Server
Yii Framework