Description
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-35618 Vulnerability (CVE-2021-35618)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9863)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (0.5.26)
WordPress Plugin Easy Team Manager SQL Injection (1.3.2)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)