Description

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

Remediation

References

CVE-2019-16174

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Multiple Vulnerabilities (4.3.5)

WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)

WordPress Plugin VM Backups Cross-Site Request Forgery (1.0)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.7)

WordPress Plugin Audit Trail Cross-Site Scripting (1.1.13)

Severity

High

Classification

CVE-2019-16174 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities