XML Injection Vulnerability in LimeSurvey by LimeSurvey
CVE-2019-16174

8.8HIGH

Key Information:

Vendor: Limesurvey
Status: Limesurvey
Vendor: CVE Published:; 9 September 2019

What is CVE-2019-16174?

An XML injection vulnerability was identified in LimeSurvey versions prior to 3.17.14. This flaw allows remote attackers to import meticulously crafted XML files, potentially leading to code execution or degradation of data integrity. The threat poses significant risks to system security, necessitating immediate update and remediation.

References

https://www.limesurvey.org/limesurvey-updates/2188-limesu...

x_refsource_MISC

https://github.com/LimeSurvey/LimeSurvey/commit/5870fd103...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Sep 9, 2019

Limesurvey

What is CVE-2019-16174?

References

CVSS V3.1

Timeline