Description
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
Remediation
References
Related Vulnerabilities
Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999004)
WordPress Plugin Custom Login Page Customizer-LoginPress Unspecified Vulnerability (1.1.15)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5899)
MySQL CVE-2019-2585 Vulnerability (CVE-2019-2585)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4295)