Description

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

Remediation

References

CVE-2012-4927

Related Vulnerabilities

Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246)

Moodle Other Vulnerability (CVE-2006-4940)

Oracle Database Server CVE-2008-2604 Vulnerability (CVE-2008-2604)

Oracle JRE CVE-2017-10285 Vulnerability (CVE-2017-10285)

WordPress Plugin Ultimate Category Excluder Cross-Site Request Forgery (1.1)

Severity

High

Classification

CVE-2012-4927 CWE-138

Tags

Missing Update Known Vulnerabilities