Vulnerability Description
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | < 3.17.14 |
Related Weaknesses (CWE)
References
- https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c7PatchRelease NotesThird Party Advisory
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-1909Release NotesVendor Advisory
- https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c7PatchRelease NotesThird Party Advisory
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-1909Release NotesVendor Advisory
FAQ
What is CVE-2019-16174?
CVE-2019-16174 is a vulnerability with a CVSS score of 8.8 (HIGH). An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.
How severe is CVE-2019-16174?
CVE-2019-16174 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16174?
Check the references section above for vendor advisories and patch information. Affected products include: Limesurvey Limesurvey.