Description

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Remediation

References

CVE-2019-16184

Related Vulnerabilities

Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-0205)

WordPress Plugin IgniteUp-Coming Soon and Maintenance Mode Multiple Vulnerabilities (3.4)

WordPress Plugin LiveGrounds 'uid' Parameter Cross-Site Scripting (0.42)

concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958)

WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01)

Severity

Critical

Classification

CVE-2019-16184 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities