Description

LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.

Remediation

References

CVE-2022-43279

Related Vulnerabilities

WordPress Plugin Admin Custom Login Cross-Site Request Forgery (3.2.7)

IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-4946)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3766)

WordPress Plugin PHP Event Calendar for WordPress Arbitrary File Upload (1.6)

MODX Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-8773)

Severity

High

Classification

CVE-2022-43279 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities