Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows malicious users to execute arbitrary code via a crafted PHP file.
Limesurvey Limesurvey 5.4.15
NA
CVE-2022-48010
LimeSurvey v5.4.15 exists to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted paylo...
Limesurvey Limesurvey 5.4.15
4.3
CVSSv2
CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote malicious users to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
Limesurvey Limesurvey 3.6.2
9
CVSSv2
CVE-2021-44967
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Limesurvey Limesurvey 5.2.4
6.8
CVSSv2
CVE-2007-3632
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote malicious users to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS...
Limesurvey Limesurvey 1.49 Rc2
1 EDB exploit
4.3
CVSSv2
CVE-2014-5016
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote malicious users to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2...
Limesurvey Limesurvey 2.05\\+
7.5
CVSSv2
CVE-2014-5017
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote malicious users to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, rel...
Limesurvey Limesurvey 2.05\\+
4.3
CVSSv2
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote malicious users to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
Limesurvey Limesurvey 2.05\\+
6.5
CVSSv2
CVE-2015-5078
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
Limesurvey Limesurvey 2.06\\+
6.8
CVSSv2
CVE-2018-1000053
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HT...
Limesurvey Limesurvey 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »