A critical security vulnerability in LimeSurvey Community Edition Version 5.3.32+220817 allows attackers to compromise the super-admin account through the 'Administrator email address:' field in 'General Setting'. This could result in theft of cookies and session tokens.
The LimeSurvey application fails to properly sanitize user-supplied data, allowing an attacker to execute arbitrary script code in the browser of a victim user. This can lead to the theft of authentication credentials and other malicious actions.
The LimeSurvey (PHPSurveyor) script version 1.49RC2 is affected by a Remote File Include (RFI) vulnerability. The vulnerability exists in multiple files, including /admin/classes/pear/OLE/PPS/File.php, /admin/classes/pear/OLE/PPS/Root.php, /admin/classes/pear/Spreadsheet/Excel/Writer.php, /admin/classes/pear/OLE/PPS.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php, and /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php. An attacker can exploit this vulnerability by including a remote file using the homedir parameter in the URL.
LimeSurvey < 3.16 uses an old version of the 'TCPDF' library, which is vulnerable to a Serialization Attack via the 'phar://' wrapper.
A stored cross-site scripting vulnerability exists within the 'Permission Roles' functionality of the LimeSurvey administration panel. The vulnerability is caused by the lack of proper input sanitization of the 'Permissiontemplates[name]' and 'Permissiontemplates[description]' parameters.
LimeSurvey version 1.92+ build 120620 is vulnerable to Remote File Inclusion (RFI) and Directory Traversal attacks. In the RFI vulnerability, an attacker can include arbitrary remote files by setting the 'rootdir' parameter to a malicious URL. In the Directory Traversal vulnerability, an attacker can access sensitive files by manipulating the 'sFullFilepath' parameter.
LimeSurvey is vulnerable to Remote Code Execution (RCE) when an authenticated user sends a maliciously crafted request to the application. An attacker can exploit this vulnerability to execute arbitrary code on the server.
A stored cross-site scripting vulnerability exists within the 'Survey Menu' functionality of the LimeSurvey administration panel. The vulnerable parameter is 'Surveymenu[parent_id]'.
A path traversal vulnerability exists within the 'File Manager' functionality of LimeSurvey that allows an attacker to download arbitrary files. The file manager functionality will also delete the file after it is downloaded (if the web service account has permissions to do so), allowing an attacker to cause a denial of service by specifying a critical LimeSurvey configuration file.
A stored cross-site scripting vulnerability exists within the 'Survey Groups' functionality of the LimeSurvey administration panel. The vulnerable parameter is 'title'.