Limesurvey: >> Limesurvey >> 1.01 Security Vulnerabilities
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
CVSS Score
7.5
EPSS Score
0.021
Published
2012-09-15
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
CVSS Score
9.3
EPSS Score
0.004
Published
2008-06-06
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
CVSS Score
4.3
EPSS Score
0.004
Published
2008-06-06
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVSS Score
6.8
EPSS Score
0.015
Published
2007-10-18
Page 5