Description

Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.

Remediation

References

CVE-2019-16180

Related Vulnerabilities

MySQL CVE-2022-21460 Vulnerability (CVE-2022-21460)

phpMyFAQ Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) Vulnerability (CVE-2023-1758)

Oracle Application Server CVE-2007-5517 Vulnerability (CVE-2007-5517)

MySQL CVE-2019-2974 Vulnerability (CVE-2019-2974)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164)

Severity

Medium

Classification

CVE-2019-16180 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities