Description

SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.

Remediation

References

CVE-2015-5078

Related Vulnerabilities

Oracle JRE CVE-2014-2423 Vulnerability (CVE-2014-2423)

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)

phpMyAdmin Other Vulnerability (CVE-2004-2630)

Apache HTTP Server CVE-1999-0070 Vulnerability (CVE-1999-0070)

WordPress Plugin WordPress Colorbox Lightbox Cross-Site Scripting (1.1.2)

Severity

Medium

Classification

CVE-2015-5078 CWE-138

Tags

Missing Update Known Vulnerabilities