CVE-2015-4628 (NVD)

2015-06-18

SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.

Products: Limesurvey
Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
First patch: https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e
Relevant file/s:
• ./application/controllers/admin/questiongroups.php (modified, +4, -4)
• ./application/helpers/admin/import_helper.php (modified, +1, -2)
Links:
• https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548
• https://bugs.limesurvey.org/view.php?id=9694
• https://github.com/LimeSurvey/LimeSurvey/pull/331
• http://www.securityfocus.com/bid/75301
