Description

In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.

Remediation

References

CVE-2019-16186

Related Vulnerabilities

WordPress Plugin Livemesh SiteOrigin Widgets Security Bypass (2.5.1)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)

SharePoint Origin Validation Error Vulnerability (CVE-2019-1442)

WordPress 5.3.x Directory Traversal (5.3 - 5.3.17)

Omeka Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5100)

Severity

High

Classification

CVE-2019-16186 CWE-276 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities