Description
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-4910 Vulnerability (CVE-2015-4910)
MODX Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-8775)
WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)
WordPress Plugin Hueman Addons Cross-Site Scripting (2.3.3)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.7)