Description

SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.

Remediation

References

CVE-2015-5078

Related Vulnerabilities

WordPress Plugin Easy Google Map Cross-Site Scripting (1.1.4)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2242)

MySQL CVE-2022-21486 Vulnerability (CVE-2022-21486)

MySQL CVE-2016-0653 Vulnerability (CVE-2016-0653)

MySQL CVE-2015-4769 Vulnerability (CVE-2015-4769)

Severity

Medium

Classification

CVE-2015-5078 CWE-138

Tags

Missing Update Known Vulnerabilities