Description

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

Remediation

References

CVE-2012-4927

Related Vulnerabilities

MySQL CVE-2013-0383 Vulnerability (CVE-2013-0383)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000362)

Oracle Database Server CVE-2020-2511 Vulnerability (CVE-2020-2511)

WordPress Plugin AccessAlly Information Disclosure (3.5.6)

Oracle Application Server CVE-2007-5518 Vulnerability (CVE-2007-5518)

Severity

High

Classification

CVE-2012-4927 CWE-138

Tags

Missing Update Known Vulnerabilities