| Title | LimeSurvey 6.5.14-240624 SQL Injection |
|---|
| Description | A critical SQL injection vulnerability has been identified in LimeSurvey version 6.5.14-240624. This vulnerability exists in the actionUpdateSurveyLocaleSettingsGeneralSettings() function due to insufficient filtering of the language parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database. |
|---|
| Source | ⚠️ https://github.com/Hebing123/cve/issues/55 |
|---|
| User | jiashenghe (UID 39445) |
|---|
| Submission | 07/10/2024 05:45 (2 years ago) |
|---|
| Moderation | 07/20/2024 08:04 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 271988 [LimeSurvey 6.5.14-240624 Survey General Settings updatesurveylocalesettings_generalsettings actionUpdateSurveyLocaleSettingsGeneralSettings Language sql injection] |
|---|
| Points | 19 |
|---|