Description

Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.

Remediation

References

CVE-2019-16179

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2006-5219)

MySQL Resource Management Errors Vulnerability (CVE-2010-3833)

WordPress Plugin YARPP-Yet Another Related Posts PHP Object Injection (4.4)

WordPress Plugin Easy Forms for Mailchimp Unspecified Vulnerability (6.6.2)

Oracle Database Server CVE-2015-4873 Vulnerability (CVE-2015-4873)

Severity

Medium

Classification

CVE-2019-16179 CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities