Description
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
Remediation
References
Related Vulnerabilities
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33327)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-0813)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)
WordPress Plugin Slimstat Analytics Cross-Site Scripting (0.9.2)
Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712)