Description
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
Remediation
References
Related Vulnerabilities
Ruby Cryptographic Issues Vulnerability (CVE-2012-5371)
MySQL CVE-2017-3331 Vulnerability (CVE-2017-3331)
WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)
Oracle Database Server CVE-2019-2940 Vulnerability (CVE-2019-2940)
WordPress Plugin Fathom Analytics Cross-Site Scripting (3.0.4)