A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
References
Link | Resource |
---|---|
https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R46 | Patch Release Notes Third Party Advisory |
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-09T20:27:17
Updated: 2019-09-09T20:27:17
Reserved: 2019-09-09T00:00:00
Link: CVE-2019-16184
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-09-09T21:15:11.887
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-16184
JSON object: View
Redhat Information
No data.
CWE