Description

SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.

Remediation

References

CVE-2015-4628

Related Vulnerabilities

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33938)

WordPress Plugin Login by Auth0 Cross-Site Scripting (3.11.2)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2005-3357)

WordPress Plugin Visitor Traffic Real Time Statistics Cross-Site Request Forgery (2.12)

Severity

Medium

Classification

CVE-2015-4628 CWE-138

Tags

Missing Update Known Vulnerabilities