Description

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Remediation

References

CVE-2019-16184

Related Vulnerabilities

WordPress Plugin PitchPrint Arbitrary File Upload (7.1.1)

MyBB Other Vulnerability (CVE-2007-0544)

WordPress Plugin WP e-Commerce Shop Styling Remote File Inclusion (1.7.2)

Oracle JRE CVE-2020-2601 Vulnerability (CVE-2020-2601)

WordPress Improper Input Validation Vulnerability (CVE-2019-20041)

Severity

Critical

Classification

CVE-2019-16184 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities