Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16186)

Description

In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.

Remediation

References

Related Vulnerabilities

SharePoint Resource Management Errors Vulnerability (CVE-2015-0064)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9711)

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0707)

Jboss EAP Incorrect Authorization Vulnerability (CVE-2019-14843)

WordPress Plugin Ditty WordPress-Responsive Slider, List, and Ticker Display Cross-Site Scripting (3.0.14)

Severity

High

Classification

CVE-2019-16186 CWE-276 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities