Description

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-4994

Related Vulnerabilities

MySQL CVE-2017-3243 Vulnerability (CVE-2017-3243)

WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)

PostgreSQL Other Vulnerability (CVE-2004-0547)

PHP Improper Input Validation Vulnerability (CVE-2015-8879)

WordPress 3.9.x Cross-Site Request Forgery (3.9 - 3.9.26)

Severity

Medium

Classification

CVE-2012-4994 CWE-138

Tags

Missing Update Known Vulnerabilities