Description
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database engine, the table name 'lime_sessions', primary keys, and fragments of the content that caused the conflict. This information can simplify the collection of data about the internal architecture of the application by an attacker.
Remediation
References
Related Vulnerabilities
WordPress Plugin EZPZ One Click Backup 'mail' Parameter Cross-Site Scripting (12.03.10)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2272)
WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.7)