Description

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Remediation

References

CVE-2019-16184

Related Vulnerabilities

WordPress Plugin Appointment Booking Calendar-BirchPress Scheduler Unspecified Vulnerability (1.13.0)

WordPress Plugin OptionTree PHP Object Injection (2.6.0)

Envoy Proxy Improper Input Validation Vulnerability (CVE-2019-9900)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2484)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'xml/media-rss.php' Cross-Site Scripting (1.5.1)

Severity

Critical

Classification

CVE-2019-16184 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities