Database Exposure in LimeSurvey Prior to Version 3.17.14
CVE-2019-16177

7.5HIGH

Key Information:

Vendor: Limesurvey
Status: Limesurvey
Vendor: CVE Published:; 9 September 2019

What is CVE-2019-16177?

LimeSurvey, a popular survey tool, prior to version 3.17.14, suffers from a vulnerability that allows the entire database to be exposed through browser caching mechanisms. This design flaw poses significant risks as sensitive information stored in the database could be accessed by unauthorized users if they can exploit the caching features within the application. The issue has been addressed in subsequent releases, underscoring the importance of keeping software updated to mitigate potential data leakage risks.

References

https://www.limesurvey.org/limesurvey-updates/2188-limesu...

x_refsource_MISC

https://github.com/LimeSurvey/LimeSurvey/commit/5870fd103...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Sep 9, 2019

Limesurvey

What is CVE-2019-16177?

References

CVSS V3.1

Timeline