Description LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. Remediation References CVE-2019-25019 Related Vulnerabilities WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.27) ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12169) PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0906) Jetty CVE-2023-40167 Vulnerability (CVE-2023-40167) MySQL CVE-2023-21950 Vulnerability (CVE-2023-21950) Severity Critical Classification CVE-2019-25019 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities