Description

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

Remediation

References

CVE-2012-4927

Related Vulnerabilities

PHP Other Vulnerability (CVE-2002-0229)

Oracle Application Server CVE-2008-7234 Vulnerability (CVE-2008-7234)

Apache HTTP Server Other Vulnerability (CVE-2000-0868)

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)

WordPress Plugin WebP Converter for Media Cross-Site Request Forgery (1.0.2)

Severity

High

Classification

CVE-2012-4927 CWE-138

Tags

Missing Update Known Vulnerabilities