Description

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-4994

Related Vulnerabilities

WordPress Plugin Download Monitor Information Disclosure (1.6.3)

WordPress Plugin Eyes Only:User Access Shortcode Cross-Site Scripting (1.8.2)

WordPress Plugin OMFG Mobile Pro Cross-Site Scripting (1.1.26)

WordPress Plugin Weather Effect-Christmas Santa Snow Falling Cross-Site Request Forgery (1.3.3)

MySQL CVE-2021-2144 Vulnerability (CVE-2021-2144)

Severity

Medium

Classification

CVE-2012-4994 CWE-138

Tags

Missing Update Known Vulnerabilities