SQL Injection Vulnerability in LimeSurvey Survey General Settings
CVE-2024-6933

Currently unrated

Key Information:

Vendor: LimeSurvey
Vendor: CVE Published:; 21 July 2024

What is CVE-2024-6933?

A critical SQL injection vulnerability has been identified in LimeSurvey's Survey General Settings feature, specifically in the actionUpdateSurveyLocaleSettingsGeneralSettings function located within the /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings file. Exploiting this flaw allows remote attackers to manipulate the 'language' argument, potentially executing arbitrary SQL commands. This vulnerability poses a significant risk as it may grant unauthorized access to sensitive database information. The issue has been publicly disclosed, and as such, organizations using affected versions should take immediate action to secure their systems against potential exploits.

References

https://vuldb.com/?id.271988

https://vuldb.com/?ctiid.271988

https://vuldb.com/?submit.372007

Timeline

Vulnerability published
Jul 21, 2024