Description

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Remediation

References

CVE-2019-16184

Related Vulnerabilities

MySQL CVE-2012-3177 Vulnerability (CVE-2012-3177)

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)

WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)

MySQL CVE-2016-8327 Vulnerability (CVE-2016-8327)

Severity

Critical

Classification

CVE-2019-16184 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities