Vulnerability Details CVE-2015-4628
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/75301
- https://bugs.limesurvey.org/view.php?id=9694
- https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e
- https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548
- https://github.com/LimeSurvey/LimeSurvey/pull/331
- http://www.securityfocus.com/bid/75301
- https://bugs.limesurvey.org/view.php?id=9694
- https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e
- https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548
- https://github.com/LimeSurvey/LimeSurvey/pull/331
Products affected by CVE-2015-4628
-
cpe:2.3:a:limesurvey:limesurvey:1.01
-
cpe:2.3:a:limesurvey:limesurvey:1.45
-
cpe:2.3:a:limesurvey:limesurvey:1.50
-
cpe:2.3:a:limesurvey:limesurvey:1.52
-
cpe:2.3:a:limesurvey:limesurvey:1.53
-
cpe:2.3:a:limesurvey:limesurvey:1.53+
-
cpe:2.3:a:limesurvey:limesurvey:1.70
-
cpe:2.3:a:limesurvey:limesurvey:1.70+
-
cpe:2.3:a:limesurvey:limesurvey:1.71
-
cpe:2.3:a:limesurvey:limesurvey:1.71+
-
cpe:2.3:a:limesurvey:limesurvey:1.72
-
cpe:2.3:a:limesurvey:limesurvey:1.80
-
cpe:2.3:a:limesurvey:limesurvey:1.80+
-
cpe:2.3:a:limesurvey:limesurvey:1.81
-
cpe:2.3:a:limesurvey:limesurvey:1.81+
-
cpe:2.3:a:limesurvey:limesurvey:1.82
-
cpe:2.3:a:limesurvey:limesurvey:1.82+
-
cpe:2.3:a:limesurvey:limesurvey:1.85
-
cpe:2.3:a:limesurvey:limesurvey:1.86
-
cpe:2.3:a:limesurvey:limesurvey:1.87
-
cpe:2.3:a:limesurvey:limesurvey:1.87+
-
cpe:2.3:a:limesurvey:limesurvey:1.90
-
cpe:2.3:a:limesurvey:limesurvey:1.90+
-
cpe:2.3:a:limesurvey:limesurvey:1.91
-
cpe:2.3:a:limesurvey:limesurvey:1.91+
-
cpe:2.3:a:limesurvey:limesurvey:1.92
-
cpe:2.3:a:limesurvey:limesurvey:2.00
-
cpe:2.3:a:limesurvey:limesurvey:2.05
-
cpe:2.3:a:limesurvey:limesurvey:2.05+
-
cpe:2.3:a:limesurvey:limesurvey:2.06
-
cpe:2.3:a:limesurvey:limesurvey:2.06+