Vulnerability Description
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | <= 2.06+ |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/75301
- https://bugs.limesurvey.org/view.php?id=9694
- https://github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c
- https://github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f64
- https://github.com/LimeSurvey/LimeSurvey/pull/331
FAQ
What is CVE-2015-4628?
CVE-2015-4628 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via...
How severe is CVE-2015-4628?
CVE-2015-4628 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-4628?
Check the references section above for vendor advisories and patch information. Affected products include: Limesurvey Limesurvey.