Description

SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.

Remediation

References

CVE-2014-5017

Related Vulnerabilities

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27)

WordPress Plugin Uploader 'num' Parameter Cross-Site Scripting (1.0.0)

WordPress Plugin WordPress Facebook SQL Injection (1.0.8)

MySQL CVE-2022-21314 Vulnerability (CVE-2022-21314)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-35525)

Severity

High

Classification

CVE-2014-5017 CWE-138

Tags

Missing Update Known Vulnerabilities