Limesurvey: >> Limesurvey >> 3.14.3 Security Vulnerabilities
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
CVSS Score
4.9
EPSS Score
0.004
Published
2018-09-03
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
CVSS Score
7.5
EPSS Score
0.034
Published
2012-09-15
Page 5