Description
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.
Remediation
References
Related Vulnerabilities
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)
MediaWiki Other Vulnerability (CVE-2007-0788)
WordPress Plugin WP-RecentComments Information Disclosure (2.2.7)
Oracle Database Server CVE-2014-6545 Vulnerability (CVE-2014-6545)
XWikiplatform Missing Authorization Vulnerability (CVE-2024-45591)