Limesurvey: >> Limesurvey >> 6.6.2 Security Vulnerabilities
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function
CVSS Score
8.8
EPSS Score
0.002
Published
2024-09-03
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
CVSS Score
7.5
EPSS Score
0.021
Published
2012-09-15