Cross Site Request Forgery Vulnerability in Lime Survey by LimeSurvey GmbH
CVE-2024-39063
What is CVE-2024-39063?
Lime Survey is susceptible to Cross Site Request Forgery (CSRF) attacks because the YII_CSRF_TOKEN is not verified on GET requests. The token is validated in the body of POST requests, but no equivalent check is applied to GET requests, so a state-changing action reachable via GET can be triggered on a logged-in user's behalf by a cross-site request. This can allow an attacker to change a user's data or settings without their consent, which is why CSRF protection has to cover every request method that can modify state.
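The following added example (not LimeSurvey or Yii code; the only name taken from the advisory is the YII_CSRF_TOKEN parameter) models the flawed policy next to a hardened one: the weak check only inspects POST bodies, so a forged GET to a mutating endpoint passes, while the hardened check refuses state changes on safe methods and demands a matching token on everything else.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Parameter name taken from the advisory; the request model and policies
# below are constructed for illustration, not the project's own code.
TOKEN_NAME = "YII_CSRF_TOKEN"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Request:
    method: str
    query: dict = field(default_factory=dict)    # URL parameters
    form: dict = field(default_factory=dict)     # POST body fields
    cookies: dict = field(default_factory=dict)  # sent automatically by the browser


def token_matches(req: Request) -> bool:
    """Constant-time compare of the body token against the session token."""
    expected = req.cookies.get(TOKEN_NAME, "")
    sent = req.form.get(TOKEN_NAME, "")
    return bool(expected) and hmac.compare_digest(sent, expected)


def allow_weak(req: Request, mutating: bool) -> bool:
    """Flawed policy from the advisory: only POST bodies are verified,
    so a mutating action reached through GET is never checked."""
    if req.method == "POST":
        return token_matches(req)
    return True


def allow_hardened(req: Request, mutating: bool) -> bool:
    """Fixed policy: safe methods may only read; every other method
    must carry a valid token before a state change is allowed."""
    if req.method in SAFE_METHODS:
        return not mutating
    return token_matches(req)


def demo() -> dict:
    """Constructed requests: a cross-site GET carrying only the victim's cookie,
    a legitimate POST with the token, and a POST with a guessed token."""
    token = secrets.token_urlsafe(32)
    cookies = {TOKEN_NAME: token}
    forged_get = Request("GET", query={"action": "delete"}, cookies=cookies)
    legit_post = Request("POST", form={TOKEN_NAME: token}, cookies=cookies)
    bad_post = Request("POST", form={TOKEN_NAME: "guess"}, cookies=cookies)
    return {
        "forged_get_weak": allow_weak(forged_get, True),        # True: the bug
        "forged_get_hardened": allow_hardened(forged_get, True),  # False
        "legit_post_hardened": allow_hardened(legit_post, True),  # True
        "bad_post_hardened": allow_hardened(bad_post, True),      # False
    }
```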