LimeSurvey 2.6.x prior to 2.6.7, 2.7x.x prior to 2.73.1, and 3.x prior to 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote malicious users to access the configuration file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
limesurvey limesurvey |
||
debian debian linux 7.0 |