Description
Two vulnerabilities have been discovered in LimeSurvey, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
1) Input passed via the "full_name" parameter to admin/admin.php (when "action" is set to "moduser") is not properly sanitised in admin/userrighthandling.php before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.
2) Input passed via the "id" parameter to admin/admin.php (when "action" is set to "browse") is not properly sanitised in admin/browse.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability requires the "Create survey" permission or the "View/read Responses" permission for a survey.
The vulnerabilities are confirmed in version 1.91+ Build 12416. Prior versions may also be affected.
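
The two missing checks described above, sketched as an added PHP example that is not LimeSurvey's code or its actual fix: the "id" value is validated as an integer and bound as a query parameter, and "full_name" is HTML-encoded when it is displayed. Assumptions: "id" is a numeric response identifier, and the function names, the survey_responses table and the sample data are constructed for illustration.

```php
<?php
// Added illustration: hypothetical handlers, not LimeSurvey source code.

// "id" (action=browse): accept only a positive integer.
// Assumption: the parameter is a numeric response identifier.
function parse_response_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up one response with a bound parameter instead of string concatenation.
function fetch_response(PDO $db, $rawId): ?array
{
    $id = parse_response_id($rawId);
    if ($id === null) {
        return null; // reject the request; the value never reaches SQL
    }
    // survey_responses is a constructed table name.
    $stmt = $db->prepare('SELECT id, answer FROM survey_responses WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// "full_name" (action=moduser): keep the stored value unchanged and
// encode it at the point where it is written into an HTML page.
function render_full_name(string $fullName): string
{
    return htmlspecialchars($fullName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey_responses (id INTEGER PRIMARY KEY, answer TEXT)');
$db->exec("INSERT INTO survey_responses (id, answer) VALUES (1, 'yes')");

var_dump(fetch_response($db, '1'));        // well-formed id: query runs
var_dump(fetch_response($db, '1 OR 1=1')); // not an integer: rejected before SQL
echo render_full_name('<b>Jane</b> "Doe"'), "\n"; // markup is shown as text
```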