LimeSurvey "sid" Parameter SQL Injection Vulnerability Fixed by 2.06+ (Build 150618)


Description
An SQL injection vulnerability has been identified in LimeSurvey.
An authenticated remote attacker could exploit it by sending specially crafted data via the "sid" parameter of the "application/controllers/admin/questiongroups.php" page in order to execute arbitrary SQL statements.
     
Vulnerable Products
Vulnerable Software:
LimeSurvey (LimeSurvey) - 1.72, 1.91, 1.91 Build 11228, 1.91 Build 11379-20111116, 1.92, ..., 2.05 Build 140520, 2.05 Build 140611, 2.05 Build 140618, 2.05 Build 140703, 2.05 Build 140717
     
Solution
Version 2.06+ Build 150618 of LimeSurvey fixes this vulnerability.
     
CVE
CVE-2015-4628
     
References
- LimeSurvey: Version 2.06+ Build 150618 of LimeSurvey
  https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548
- GitHub: SQL injection vulnerability in Lastest version LimeSurvey 206plus #331
  https://github.com/LimeSurvey/LimeSurvey/pull/331
     
Vulnerability Manager Detection
No
     
IPS Protection
ASQ Engine alarm | Available Since
SQL injection Prevention - POST : suspicious SELECT statement in data | 3.2.0
SQL injection Prevention - POST : possible version probing in data | 3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data | 3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data | 3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data | 3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data | 3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data | 3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data | 3.2.0
SQL injection Prevention - POST : suspicious OR statement in data | 3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data | 3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data | 3.2.0
SQL injection Prevention - POST : suspicious DECLARE statement in data | 3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data | 3.2.0
SQL injection Prevention - POST : suspicious CAST statement in data | 3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data | 5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data | 5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data | 5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data | 5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data | 5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data | 5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data | 5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data | 5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data | 5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data | 5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data | 5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data | 5.0.0
SQL injection Prevention - POST : suspicious OR statement in data | 5.0.0
SQL injection Prevention - POST : possible version probing in data | 5.0.0

Risk level
Moderate

Vulnerability First Public Report Date
2015-06-18

Target Type
Server

Possible exploit
Remote