Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey limesurvey vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey up to and including 3.16.1+190225 allows a relative path.
Limesurvey Limesurvey
1 Metasploit module
6.5
CVSSv2
CVE-2018-1000659
LimeSurvey version 3.14.4 and previous versions contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An auth...
Limesurvey Limesurvey
NA
CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote malicious user to escalate privileges via a crafted script to the _generaloptions_panel.php component.
Limesurvey Limesurvey
6.5
CVSSv2
CVE-2015-4628
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey prior to 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
Limesurvey Limesurvey
6.5
CVSSv2
CVE-2018-1000658
LimeSurvey version before 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious ph...
Limesurvey Limesurvey
5
CVSSv2
CVE-2019-16179
Limesurvey prior to 3.17.14 does not enforce SSL/TLS usage in the default configuration.
Limesurvey Limesurvey
4
CVSSv2
CVE-2019-16181
In Limesurvey prior to 3.17.14, admin users can mark other users' notifications as read.
Limesurvey Limesurvey
6.5
CVSSv2
CVE-2019-16185
In Limesurvey prior to 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.
Limesurvey Limesurvey
4
CVSSv2
CVE-2019-16183
In Limesurvey prior to 3.17.14, admin users can run an integrity check without proper permissions.
Limesurvey Limesurvey
4.3
CVSSv2
CVE-2021-42112
The "File upload question" functionality in LimeSurvey 3.x-LTS up to and including 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
Limesurvey Limesurvey
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »