Description

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Remediation

References

CVE-2019-16184

Related Vulnerabilities

PHP HTML entity encoder heap overflow vulnerability

Moodle Improper Input Validation Vulnerability (CVE-2018-1137)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-0449)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)

Severity

Critical

Classification

CVE-2019-16184 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities