Description

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Remediation

References

CVE-2019-16184

Related Vulnerabilities

WordPress Plugin Tierra's Billboard Manager SQL Injection (1.14)

WordPress Plugin wpForo Forum Open Redirect (1.9.6)

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-21723)

WordPress Plugin Ultimate Instagram Feed Cross-Site Scripting (1.2)

ownCloud Improper Authentication Vulnerability (CVE-2014-9043)

Severity

Critical

Classification

CVE-2019-16184 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities