Cross Site Request Forgery Vulnerability in Lime Survey by LimeSurvey GmbH
CVE-2024-39063

8.8 HIGH

Key Information:

Vendor
CVE Published: 9 July 2024

What is CVE-2024-39063?

Lime Survey is susceptible to Cross Site Request Forgery (CSRF) attacks due to insufficient verification of the YII_CSRF_TOKEN during GET requests. While the token is validated in the body of POST requests, the lack of similar checks for GET requests exposes users to the risk of unauthorized actions being performed on their behalf. This vulnerability can potentially allow attackers to manipulate users' data or settings without their consent, highlighting the critical need for comprehensive CSRF protections across all request methods.
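The sketch below is an added illustration of the gap described above, not code from LimeSurvey or Yii. It contrasts a check that compares YII_CSRF_TOKEN only on POST with one that refuses state-changing actions over GET. The function names, the request array layout and the sample requests are assumptions made for the example.

```php
<?php
// Added illustration; not LimeSurvey or Yii source. All names are hypothetical.

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// Flawed pattern from the description: the token is compared only for POST,
// so a state-changing action reached with GET is never checked.
function csrfCheckPostOnly(array $req, string $sessionToken): bool
{
    if ($req['method'] !== 'POST') {
        return true;
    }
    return hash_equals($sessionToken, (string)($req['body']['YII_CSRF_TOKEN'] ?? ''));
}

// Hardened pattern: state-changing actions refuse safe methods outright, and
// every remaining unsafe-method request must carry the session's token.
function csrfCheckStrict(array $req, string $sessionToken, bool $changesState): bool
{
    $isSafeMethod = in_array($req['method'], SAFE_METHODS, true);
    if ($changesState && $isSafeMethod) {
        return false; // respond 405: mutations are not served over GET
    }
    if ($isSafeMethod) {
        return true;  // read-only request, nothing to forge
    }
    return hash_equals($sessionToken, (string)($req['body']['YII_CSRF_TOKEN'] ?? ''));
}

// Constructed sample requests against a hypothetical state-changing action.
$token = bin2hex(random_bytes(16));
$samples = [
    'GET without token'  => ['method' => 'GET',  'body' => []],
    'POST without token' => ['method' => 'POST', 'body' => []],
    'POST with token'    => ['method' => 'POST', 'body' => ['YII_CSRF_TOKEN' => $token]],
];
foreach ($samples as $label => $req) {
    printf("%-20s post-only=%-6s strict=%s\n", $label,
        csrfCheckPostOnly($req, $token) ? 'allow' : 'deny',
        csrfCheckStrict($req, $token, true) ? 'allow' : 'deny');
}
```

Only the first sample differs between the two checks: the POST-only check allows the tokenless GET, while the strict check denies it.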

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published