Description LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. Remediation References CVE-2019-25019 Related Vulnerabilities WordPress Plugin MasterStudy LMS-for Online Courses and Education Security Bypass (3.2.13) phpMyFAQ Misinterpretation of Input Vulnerability (CVE-2023-0880) WordPress Plugin Ocean Extra Security Bypass (1.5.8) Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30177) WordPress Plugin Video Gallery-Vimeo and YouTube Gallery Cross-Site Scripting (1.1.4) Severity Critical Classification CVE-2019-25019 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities