Description
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2006-5354)
WordPress Plugin WP Symposium 'get_profile_avatar.php' SQL Injection (0.64)
Oracle JRE CVE-2024-21145 Vulnerability (CVE-2024-21145)
WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.3.7)
WordPress Plugin Stockdio Historical Chart Cross-Site Scripting (2.7.2)