Description

SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.

Remediation

References

CVE-2015-5078

Related Vulnerabilities

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27279)

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.6)

WordPress Plugin Flamingo CSV Injection (2.1)

MySQL CVE-2015-4890 Vulnerability (CVE-2015-4890)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.29)

Severity

Medium

Classification

CVE-2015-5078 CWE-138

Tags

Missing Update Known Vulnerabilities