Description

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-4994

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17660)

WordPress Plugin iThemes Security (formerly Better WP Security) SQL Injection (7.0.2)

WordPress Plugin Email Queue by BestWebSoft Cross-Site Scripting (1.1.1)

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43331)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-20612)

Severity

Medium

Classification

CVE-2012-4994 CWE-138

Tags

Missing Update Known Vulnerabilities